From 8dcf3c27c14739e06cae19f8c6d3a8ae8266cacd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 12 Jul 2024 16:55:12 +0000 Subject: [PATCH 01/31] Bump the npm_and_yarn group across 3 directories with 2 updates Bumps the npm_and_yarn group with 1 update in the /api/javascript/es2015-nodejs directory: [node-fetch](https://github.com/node-fetch/node-fetch). Bumps the npm_and_yarn group with 1 update in the /api/javascript/gha-cleanup directory: [node-fetch](https://github.com/node-fetch/node-fetch). Bumps the npm_and_yarn group with 1 update in the /graphql/enterprise directory: [braces](https://github.com/micromatch/braces). Updates `node-fetch` from 1.7.3 to 3.3.2 - [Release notes](https://github.com/node-fetch/node-fetch/releases) - [Commits](https://github.com/node-fetch/node-fetch/compare/1.7.3...v3.3.2) Updates `node-fetch` from 2.6.8 to 2.7.0 - [Release notes](https://github.com/node-fetch/node-fetch/releases) - [Commits](https://github.com/node-fetch/node-fetch/compare/1.7.3...v3.3.2) Updates `braces` from 3.0.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](https://github.com/micromatch/braces/compare/3.0.2...3.0.3) --- updated-dependencies: - dependency-name: node-fetch dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: node-fetch dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: braces dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] --- api/javascript/es2015-nodejs/package.json | 2 +- api/javascript/gha-cleanup/package-lock.json | 6 +++--- graphql/enterprise/yarn.lock | 12 ++++++------ 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/api/javascript/es2015-nodejs/package.json b/api/javascript/es2015-nodejs/package.json index efb437a13..68b6cdd18 100644 --- a/api/javascript/es2015-nodejs/package.json 
+++ b/api/javascript/es2015-nodejs/package.json @@ -6,6 +6,6 @@ }, "author": "@k33g", "dependencies": { - "node-fetch": "^1.6.3" + "node-fetch": "^3.3.2" } } diff --git a/api/javascript/gha-cleanup/package-lock.json b/api/javascript/gha-cleanup/package-lock.json index ff83ade48..e54c0d7bf 100644 --- a/api/javascript/gha-cleanup/package-lock.json +++ b/api/javascript/gha-cleanup/package-lock.json @@ -1261,9 +1261,9 @@ "integrity": "sha512-Jx5lPaaLdIaOsj2mVLWMWulXF6GQVdyLvNSxmiYCvZ8Ma2hfKX0POoR2kgKOqz+oFsRreq0yYZjQ2wjE9VNzCA==" }, "node-fetch": { - "version": "2.6.8", - "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.8.tgz", - "integrity": "sha512-RZ6dBYuj8dRSfxpUSu+NsdF1dpPpluJxwOp+6IoDp/sH2QNDSvurYsAa+F1WxY2RjA1iP93xhcsUoYbF2XBqVg==", + "version": "2.7.0", + "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.7.0.tgz", + "integrity": "sha512-c4FRfUm/dbcWZ7U+1Wq0AwCyFL+3nt2bEw05wfxSz+DWpWsitgmSgYmy2dQdWyKC1694ELPqMs/YzUSNozLt8A==", "requires": { "whatwg-url": "^5.0.0" } diff --git a/graphql/enterprise/yarn.lock b/graphql/enterprise/yarn.lock index a2ea79604..ef9fb209d 100644 --- a/graphql/enterprise/yarn.lock +++ b/graphql/enterprise/yarn.lock @@ -317,10 +317,10 @@ brace-expansion@^1.1.7: concat-map "0.0.1" braces@^3.0.2: - version "3.0.2" - resolved "https://registry.yarnpkg.com/braces/-/braces-3.0.2.tgz#3454e1a462ee8d599e236df336cd9ea4f8afe107" + version "3.0.3" + resolved "https://registry.yarnpkg.com/braces/-/braces-3.0.3.tgz#490332f40919452272d55a8480adc0c441358789" dependencies: - fill-range "^7.0.1" + fill-range "^7.1.1" busboy@^1.6.0: version "1.6.0" 
@@ -473,9 +473,9 @@ fbjs@^0.8.9: setimmediate "^1.0.5" ua-parser-js "^0.7.9" -fill-range@^7.0.1: - version "7.0.1" - resolved "https://registry.yarnpkg.com/fill-range/-/fill-range-7.0.1.tgz#1919a6a7c75fe38b2c7c77e5198535da9acdda40" +fill-range@^7.1.1: + version "7.1.1" + resolved "https://registry.yarnpkg.com/fill-range/-/fill-range-7.1.1.tgz#44265d3cac07e3ea7dc247516380643754a05292" dependencies: to-regex-range "^5.0.1" From e2f2e052b81838843f77917f7293b77e6be49b72 Mon Sep 17 00:00:00 2001 From: Ryan Trauntvein Date: Thu, 5 Sep 2024 11:47:29 -0700 Subject: [PATCH 02/31] Create SUPPORT.md --- SUPPORT.md | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 SUPPORT.md diff --git a/SUPPORT.md b/SUPPORT.md new file mode 100644 index 000000000..cecc2a771 --- /dev/null +++ b/SUPPORT.md @@ -0,0 +1,8 @@ +# Support + +This repository contains sample code provided by GitHub for demonstration purposes. + +- **No Official Support**: These samples are provided "as-is" without official support. +- **Use at Your Own Risk**: Intended for learning and experimentation, not for production use. + +Thank you for understanding. From beb3f73d869d6741e83760b2a10eda5f19fc59e1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 6 Sep 2024 20:12:42 +0000 Subject: [PATCH 03/31] Bump micromatch Bumps the npm_and_yarn group with 1 update in the /graphql/enterprise directory: [micromatch](https://github.com/micromatch/micromatch). Updates `micromatch` from 4.0.5 to 4.0.8 - [Release notes](https://github.com/micromatch/micromatch/releases) - [Changelog](https://github.com/micromatch/micromatch/blob/master/CHANGELOG.md) - [Commits](https://github.com/micromatch/micromatch/compare/4.0.5...4.0.8) --- updated-dependencies: - dependency-name: micromatch dependency-type: indirect dependency-group: npm_and_yarn ... 
Signed-off-by: dependabot[bot] --- graphql/enterprise/yarn.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/graphql/enterprise/yarn.lock b/graphql/enterprise/yarn.lock index ef9fb209d..a2f2125e4 100644 --- a/graphql/enterprise/yarn.lock +++ b/graphql/enterprise/yarn.lock @@ -316,7 +316,7 @@ brace-expansion@^1.1.7: balanced-match "^1.0.0" concat-map "0.0.1" -braces@^3.0.2: +braces@^3.0.2, braces@^3.0.3: version "3.0.3" resolved "https://registry.yarnpkg.com/braces/-/braces-3.0.3.tgz#490332f40919452272d55a8480adc0c441358789" dependencies: @@ -695,10 +695,10 @@ meros@^1.1.4, meros@^1.2.1: resolved "https://registry.yarnpkg.com/meros/-/meros-1.2.1.tgz#056f7a76e8571d0aaf3c7afcbe7eb6407ff7329e" micromatch@^4.0.4: - version "4.0.5" - resolved "https://registry.yarnpkg.com/micromatch/-/micromatch-4.0.5.tgz#bc8999a7cbbf77cdc89f132f6e467051b49090c6" + version "4.0.8" + resolved "https://registry.yarnpkg.com/micromatch/-/micromatch-4.0.8.tgz#d66fa18f3a47076789320b9b1af32bd86d9fa202" dependencies: - braces "^3.0.2" + braces "^3.0.3" picomatch "^2.3.1" minimatch@4.2.1: From 9d1a13526ee5f42a4b828c8e6cd5dd5b6c5773f3 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 6 Sep 2024 20:12:44 +0000 Subject: [PATCH 04/31] Bump the bundler group across 3 directories with 3 updates Bumps the bundler group with 1 update in the /api/ruby/building-a-ci-server directory: [sinatra](https://github.com/sinatra/sinatra). Bumps the bundler group with 1 update in the /api/ruby/delivering-deployments directory: [sinatra](https://github.com/sinatra/sinatra). Bumps the bundler group with 1 update in the /api/ruby/rendering-data-as-graphs directory: [addressable](https://github.com/sporkmonger/addressable). Updates `sinatra` from 2.2.3 to 4.0.0 - [Changelog](https://github.com/sinatra/sinatra/blob/main/CHANGELOG.md) - [Commits](https://github.com/sinatra/sinatra/compare/v2.2.3...v4.0.0) Updates `rack` from 2.2.8.1 to 3.1.7 - [Release notes](https://github.com/rack/rack/releases) - [Changelog](https://github.com/rack/rack/blob/main/CHANGELOG.md) - [Commits](https://github.com/rack/rack/compare/v2.2.8.1...v3.1.7) Updates `sinatra` from 2.2.3 to 4.0.0 - [Changelog](https://github.com/sinatra/sinatra/blob/main/CHANGELOG.md) - [Commits](https://github.com/sinatra/sinatra/compare/v2.2.3...v4.0.0) Updates `rack` from 2.2.8.1 to 3.1.7 - [Release notes](https://github.com/rack/rack/releases) - [Changelog](https://github.com/rack/rack/blob/main/CHANGELOG.md) - [Commits](https://github.com/rack/rack/compare/v2.2.8.1...v3.1.7) Updates `addressable` from 2.8.1 to 2.8.7 - [Changelog](https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md) - [Commits](https://github.com/sporkmonger/addressable/compare/addressable-2.8.1...addressable-2.8.7) --- updated-dependencies: - dependency-name: sinatra dependency-type: direct:production dependency-group: bundler - dependency-name: rack dependency-type: indirect dependency-group: bundler - dependency-name: sinatra dependency-type: direct:production dependency-group: bundler - dependency-name: rack dependency-type: indirect 
dependency-group: bundler - dependency-name: addressable dependency-type: indirect dependency-group: bundler ... Signed-off-by: dependabot[bot] --- api/ruby/building-a-ci-server/Gemfile | 2 +- api/ruby/building-a-ci-server/Gemfile.lock | 25 +++++++++++-------- api/ruby/delivering-deployments/Gemfile | 2 +- api/ruby/delivering-deployments/Gemfile.lock | 25 +++++++++++-------- .../rendering-data-as-graphs/Gemfile.lock | 6 ++--- 5 files changed, 35 insertions(+), 25 deletions(-) diff --git a/api/ruby/building-a-ci-server/Gemfile b/api/ruby/building-a-ci-server/Gemfile index 7b33ee79d..e3fe9b810 100644 --- a/api/ruby/building-a-ci-server/Gemfile +++ b/api/ruby/building-a-ci-server/Gemfile @@ -3,4 +3,4 @@ source "https://rubygems.org" gem "json", "~> 2.3" gem "octokit", "~> 3.0" gem "shotgun" -gem "sinatra", "~> 2.2.3" +gem "sinatra", "~> 4.0.0" diff --git a/api/ruby/building-a-ci-server/Gemfile.lock b/api/ruby/building-a-ci-server/Gemfile.lock index 9c6cc66e2..978bde915 100644 --- a/api/ruby/building-a-ci-server/Gemfile.lock +++ b/api/ruby/building-a-ci-server/Gemfile.lock @@ -2,29 +2,34 @@ GEM remote: https://rubygems.org/ specs: addressable (2.3.6) + base64 (0.2.0) faraday (0.9.0) multipart-post (>= 1.2, < 3) json (2.3.0) multipart-post (2.0.0) - mustermann (2.0.2) + mustermann (3.0.3) ruby2_keywords (~> 0.0.1) octokit (3.0.0) sawyer (~> 0.5.3) - rack (2.2.8.1) - rack-protection (2.2.3) - rack + rack (3.1.7) + rack-protection (4.0.0) + base64 (>= 0.1.0) + rack (>= 3.0.0, < 4) + rack-session (2.0.0) + rack (>= 3.0.0) ruby2_keywords (0.0.5) sawyer (0.5.4) addressable (~> 2.3.5) faraday (~> 0.8, < 0.10) shotgun (0.9) rack (>= 1.0) - sinatra (2.2.3) - mustermann (~> 2.0) - rack (~> 2.2) - rack-protection (= 2.2.3) + sinatra (4.0.0) + mustermann (~> 3.0) + rack (>= 3.0.0, < 4) + rack-protection (= 4.0.0) + rack-session (>= 2.0.0, < 3) tilt (~> 2.0) - tilt (2.0.11) + tilt (2.4.0) PLATFORMS ruby 
@@ -33,7 +38,7 @@ DEPENDENCIES json (~> 2.3) octokit (~> 3.0) shotgun - sinatra (~> 2.2.3) + sinatra (~> 4.0.0) BUNDLED WITH 1.11.2 diff --git a/api/ruby/delivering-deployments/Gemfile b/api/ruby/delivering-deployments/Gemfile index 7b33ee79d..e3fe9b810 100644 --- a/api/ruby/delivering-deployments/Gemfile +++ b/api/ruby/delivering-deployments/Gemfile @@ -3,4 +3,4 @@ source "https://rubygems.org" gem "json", "~> 2.3" gem "octokit", "~> 3.0" gem "shotgun" -gem "sinatra", "~> 2.2.3" +gem "sinatra", "~> 4.0.0" diff --git a/api/ruby/delivering-deployments/Gemfile.lock b/api/ruby/delivering-deployments/Gemfile.lock index 5ec12f7c8..978bde915 100644 --- a/api/ruby/delivering-deployments/Gemfile.lock +++ b/api/ruby/delivering-deployments/Gemfile.lock @@ -2,29 +2,34 @@ GEM remote: https://rubygems.org/ specs: addressable (2.3.6) + base64 (0.2.0) faraday (0.9.0) multipart-post (>= 1.2, < 3) json (2.3.0) multipart-post (2.0.0) - mustermann (2.0.2) + mustermann (3.0.3) ruby2_keywords (~> 0.0.1) octokit (3.0.0) sawyer (~> 0.5.3) - rack (2.2.8.1) - rack-protection (2.2.3) - rack + rack (3.1.7) + rack-protection (4.0.0) + base64 (>= 0.1.0) + rack (>= 3.0.0, < 4) + rack-session (2.0.0) + rack (>= 3.0.0) ruby2_keywords (0.0.5) sawyer (0.5.4) addressable (~> 2.3.5) faraday (~> 0.8, < 0.10) shotgun (0.9) rack (>= 1.0) - sinatra (2.2.3) - mustermann (~> 2.0) - rack (~> 2.2) - rack-protection (= 2.2.3) + sinatra (4.0.0) + mustermann (~> 3.0) + rack (>= 3.0.0, < 4) + rack-protection (= 4.0.0) + rack-session (>= 2.0.0, < 3) tilt (~> 2.0) - tilt (2.1.0) + tilt (2.4.0) PLATFORMS ruby @@ -33,7 +38,7 @@ DEPENDENCIES json (~> 2.3) octokit (~> 3.0) shotgun - sinatra (~> 2.2.3) + sinatra (~> 4.0.0) BUNDLED WITH 1.11.2 diff --git a/api/ruby/rendering-data-as-graphs/Gemfile.lock b/api/ruby/rendering-data-as-graphs/Gemfile.lock index dab0aa41d..bfaee71e9 100644 --- a/api/ruby/rendering-data-as-graphs/Gemfile.lock +++ b/api/ruby/rendering-data-as-graphs/Gemfile.lock 
@@ -6,8 +6,8 @@ GEM i18n (>= 1.6, < 2) minitest (>= 5.1) tzinfo (~> 2.0) - addressable (2.8.1) - public_suffix (>= 2.0.2, < 6.0) + addressable (2.8.7) + public_suffix (>= 2.0.2, < 7.0) concurrent-ruby (1.2.2) faraday (1.10.3) faraday-em_http (~> 1.0) @@ -39,7 +39,7 @@ GEM multipart-post (2.3.0) octokit (4.7.0) sawyer (~> 0.8.0, >= 0.5.3) - public_suffix (5.0.1) + public_suffix (6.0.1) rack (1.6.13) rack-protection (1.5.5) rack From 7d53896a3e99c8a75334b1fd3f2df723d3121f96 Mon Sep 17 00:00:00 2001 From: Gennaro Palma <89228935+gennaropalma@users.noreply.github.com> Date: Mon, 30 Sep 2024 13:15:01 +0930 Subject: [PATCH 05/31] Create org-list-outside-collaborators-by-repo.graphql --- ...list-outside-collaborators-by-repo.graphql | 25 +++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 graphql/queries/org-list-outside-collaborators-by-repo.graphql diff --git a/graphql/queries/org-list-outside-collaborators-by-repo.graphql b/graphql/queries/org-list-outside-collaborators-by-repo.graphql new file mode 100644 index 000000000..bcdc57c3f --- /dev/null +++ b/graphql/queries/org-list-outside-collaborators-by-repo.graphql @@ -0,0 +1,25 @@ +query( $cursor: String) { + organization(login: "another-boring-org") { + url + login + repositories(first: 100, after: $cursor) { + pageInfo { + endCursor + hasNextPage + } + nodes { + name + collaborators(affiliation: OUTSIDE, first: 100) { + + nodes { + url + login + } + edges { + permission + } + } + } + } + } + } From 1edb1959b8701f7da3770e9f2645def88bcb6b82 Mon Sep 17 00:00:00 2001 From: Gennaro Palma <89228935+gennaropalma@users.noreply.github.com> Date: Tue, 22 Oct 2024 17:00:17 +1030 Subject: [PATCH 06/31] Update organization login to ORG_NAME --- graphql/queries/org-list-outside-collaborators-by-repo.graphql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
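Review bot: The inner `collaborators(affiliation: OUTSIDE, first: 100)` connection in the new org-list-outside-collaborators-by-repo.graphql has no `pageInfo` and takes no cursor, so a repository with more than 100 outside collaborators comes back truncated with no signal. That matters when the output is used as an access review; adding `pageInfo { endCursor hasNextPage }` under `collaborators` would at least expose the truncation. The query also selects `nodes { url login }` and `edges { permission }` as two separate lists, leaving the reader to pair a permission with a login by position. `edges { permission node { login url } }` keeps each permission next to the account it belongs to.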
diff --git a/graphql/queries/org-list-outside-collaborators-by-repo.graphql b/graphql/queries/org-list-outside-collaborators-by-repo.graphql index bcdc57c3f..672dff719 100644 --- a/graphql/queries/org-list-outside-collaborators-by-repo.graphql +++ b/graphql/queries/org-list-outside-collaborators-by-repo.graphql @@ -1,5 +1,5 @@ query( $cursor: String) { - organization(login: "another-boring-org") { + organization(login: "ORG_NAME") { url login repositories(first: 100, after: $cursor) { From fbc89c1844b40242e01abc9b9efa36d68fa7889c Mon Sep 17 00:00:00 2001 
From: Justin Alex Paramanandan <1155821+jusuchin85@users.noreply.github.com> Date: Tue, 19 Nov 2024 13:13:22 +1100 Subject: [PATCH 07/31] Add new GraphQL queries for IP allow lists Adding some GraphQL queries for managing the IP allow list feature in GitHub.com. These queries include: - a query for getting the IP allow list configuration for an enterprise. - a query for getting the IP allow list configuration for an organization. - a query for adding an IP address to an IP allow list. - a query for removing an IP address from an IP allow list. - a query for enabling an IP allow list. - a query for disabling an IP allow list. --- .../enterprise-get-ip-allow-list.graphql | 25 +++++++++++++++ graphql/queries/ip-allow-list-add-ip.graphql | 31 +++++++++++++++++++ graphql/queries/ip-allow-list-disable.graphql | 21 +++++++++++++ graphql/queries/ip-allow-list-enable.graphql | 21 +++++++++++++ .../ip-allow-list-remove-ip-entry.graphql | 17 ++++++++++ graphql/queries/org-get-ip-allow-list.graphql | 24 ++++++++++++++ 6 files changed, 139 insertions(+) create mode 100644 graphql/queries/enterprise-get-ip-allow-list.graphql create mode 100644 graphql/queries/ip-allow-list-add-ip.graphql create mode 100644 graphql/queries/ip-allow-list-disable.graphql create mode 100644 graphql/queries/ip-allow-list-enable.graphql create mode 100644 graphql/queries/ip-allow-list-remove-ip-entry.graphql create mode 100644 graphql/queries/org-get-ip-allow-list.graphql diff --git a/graphql/queries/enterprise-get-ip-allow-list.graphql b/graphql/queries/enterprise-get-ip-allow-list.graphql new file mode 100644 index 000000000..92d68fdba --- /dev/null +++ b/graphql/queries/enterprise-get-ip-allow-list.graphql 
@@ -0,0 +1,25 @@ +# Grab current IP allow list settings for an enterprise. +# This includes: +# - The IP allow list entries +# - The IP allow list enabled setting +# - The IP allow list for GitHub Apps enabled setting + +query GetEnterpriseIPAllowList { + enterprise(slug: "ENTERPRISE_SLUG") { + owner_id: id + enterprise_slug: slug + enterprise_owner_info: ownerInfo { + is_ip_allow_list_enabled: ipAllowListEnabledSetting + is_ip_allow_list_for_github_apps_enabled: ipAllowListForInstalledAppsEnabledSetting + ipAllowListEntries(first: 100) { + nodes { + ip_allow_list_entry_id: id + ip_allow_list_entry_name: name + ip_allow_list_entry_value: allowListValue + ip_allow_list_entry_created: createdAt + is_ip_allow_list_entry_active: isActive + } + } + } + } +} diff --git a/graphql/queries/ip-allow-list-add-ip.graphql b/graphql/queries/ip-allow-list-add-ip.graphql new file mode 100644 index 000000000..510289b7e --- /dev/null +++ b/graphql/queries/ip-allow-list-add-ip.graphql 
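Review bot: `ipAllowListEntries(first: 100)` in GetEnterpriseIPAllowList returns neither `totalCount` nor `pageInfo`, so an allow list with more than 100 entries is cut off silently and an audit based on this output would miss entries. The organization query added in the same commit (org-get-ip-allow-list.graphql) returns `totalCount` but also lacks `pageInfo`; I would add `totalCount` and `pageInfo { endCursor hasNextPage }` to both. The alias for `allowListValue` also differs between the two files (`ip_allow_list_entry_value` here, `ip_allow_list_entry_ip_address` there), which makes it awkward to process both outputs with one script.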
@@ -0,0 +1,31 @@ +# This query is used to add an IP address to the IP allow list. +# This can be used on both organizations and enterprise accounts. +# +# The `OWNER_ID` is the ID of the organization or enterprise account. You can +# get the ID of an organization or enterprise account by executing either of +# the following queries and referring to the value from `owner_id` field: +# +# - organizations: https://github.com/github/platform-samples/blob/master/graphql/queries/org-get-ip-allow-list.graphql +# - enterprise accounts: https://github.com/github/platform-samples/blob/master/graphql/queries/enterprise-get-ip-allow-list.graphql + +mutation AddIPAddressToIPAllowList { + createIpAllowListEntry( + input: { + clientMutationId: "true" + ownerId: "OWNER_ID" + name: "DESCRIPTION_OF_IP_ADDRESS" + allowListValue: "IP_ADDRESS" + isActive: true + } + ) { + clientMutationId + ipAllowListEntry { + ip_allow_list_entry_id: id + ip_allow_list_entry_name: name + ip_allow_list_entry_ip_address: allowListValue + ip_allow_list_entry_created: createdAt + ip_allow_list_entry_updated: updatedAt + is_ip_allow_list_entry_active: isActive + } + } +} diff --git a/graphql/queries/ip-allow-list-disable.graphql b/graphql/queries/ip-allow-list-disable.graphql new file mode 100644 index 000000000..df984b56e --- /dev/null +++ b/graphql/queries/ip-allow-list-disable.graphql 
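Review bot: The header comment on AddIPAddressToIPAllowList calls the operation a query although it is a mutation that changes access control, and it does not say that `allowListValue` accepts a CIDR range as well as a single address. I would reword the first line to `# This mutation adds an IP address or CIDR range to the IP allow list.` and add a line noting that the entry is created with `isActive: true`, so it takes effect as soon as the allow list is enabled. The same "This query" wording appears on the mutations in ip-allow-list-disable.graphql, ip-allow-list-enable.graphql and ip-allow-list-remove-ip-entry.graphql.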
@@ -0,0 +1,21 @@ +# This query is used to disable the IP allow list feature. +# This can be used on both organizations and enterprise accounts. +# +# The `OWNER_ID` is the ID of the organization or enterprise account. You can +# get the ID of an organization or enterprise account by executing either of +# the following queries and referring to the value from `owner_id` field: +# +# - organizations: https://github.com/github/platform-samples/blob/master/graphql/queries/org-get-ip-allow-list.graphql +# - enterprise accounts: https://github.com/github/platform-samples/blob/master/graphql/queries/enterprise-get-ip-allow-list.graphql + +mutation EnableIPAllowList { + updateIpAllowListEnabledSetting( + input: { + clientMutationId: "true" + ownerId: "OWNER_ID" + settingValue: DISABLED + } + ) { + clientMutationId + } +} diff --git a/graphql/queries/ip-allow-list-enable.graphql b/graphql/queries/ip-allow-list-enable.graphql new file mode 100644 index 000000000..68b0809d3 --- /dev/null +++ b/graphql/queries/ip-allow-list-enable.graphql @@ -0,0 +1,21 @@ +# This query is used to enable the IP allow list feature. +# This can be used on both organizations and enterprise accounts. +# +# The `OWNER_ID` is the ID of the organization or enterprise account. You can +# get the ID of an organization or enterprise account by executing either of +# the following queries and referring to the value from `owner_id` field: +# +# - organizations: https://github.com/github/platform-samples/blob/master/graphql/queries/org-get-ip-allow-list.graphql +# - enterprise accounts: https://github.com/github/platform-samples/blob/master/graphql/queries/enterprise-get-ip-allow-list.graphql + +mutation EnableIPAllowList { + updateIpAllowListEnabledSetting( + input: { + clientMutationId: "true" + ownerId: "OWNER_ID" + settingValue: ENABLED + } + ) { + clientMutationId + } +} 
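Review bot: The operation in ip-allow-list-disable.graphql is named `EnableIPAllowList` although it sends `settingValue: DISABLED`; the name looks copied from the enable file. Operation names tend to surface in client logs and tooling, so a call that lifts the IP restriction would be recorded under a name that says the opposite. Rename it: `mutation DisableIPAllowList {`.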
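Review bot: The comment block in ip-allow-list-enable.graphql explains where to find `OWNER_ID` but says nothing about the precondition for running the mutation. Once the setting is `ENABLED`, access from addresses that are not on the list is blocked, so the list should be populated and checked first. I would add a comment such as `# Make sure the allow list already has active entries covering the addresses you connect from before enabling it.`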
diff --git a/graphql/queries/ip-allow-list-remove-ip-entry.graphql b/graphql/queries/ip-allow-list-remove-ip-entry.graphql new file mode 100644 index 000000000..c3cd64484 --- /dev/null +++ b/graphql/queries/ip-allow-list-remove-ip-entry.graphql @@ -0,0 +1,17 @@ +# This query is used to remove an IP allow list entry from the IP allow list. +# This can be used on both organizations and enterprise accounts. +# +# The `IP_ENTRY_ID` is the ID of the IP allow list entry. You can +# get the ID for this by executing either of the following queries +# and referring to the value from `ip_allow_list_entry_id` field: +# +# - organizations: https://github.com/github/platform-samples/blob/master/graphql/queries/org-get-ip-allow-list.graphql +# - enterprise accounts: https://github.com/github/platform-samples/blob/master/graphql/queries/enterprise-get-ip-allow-list.graphql + +mutation DeleteIPAddressFromIPAllowList { + deleteIpAllowListEntry( + input: { clientMutationId: "true", ipAllowListEntryId: "IP_ENTRY_ID" } + ) { + clientMutationId + } +} diff --git a/graphql/queries/org-get-ip-allow-list.graphql b/graphql/queries/org-get-ip-allow-list.graphql new file mode 100644 index 000000000..c3f5cc7b9 --- /dev/null +++ b/graphql/queries/org-get-ip-allow-list.graphql 
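Review bot: DeleteIPAddressFromIPAllowList selects only `clientMutationId`, so the response does not show which entry was actually removed. The delete payload also exposes the removed entry. Selecting `ipAllowListEntry { id name allowListValue }` would let the caller confirm and log the deleted address rather than trusting the opaque `IP_ENTRY_ID` that was pasted in.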
@@ -0,0 +1,24 @@ +# Grab current IP allow list settings for an organization. +# This includes: +# - The IP allow list entries +# - The IP allow list enabled setting +# - The IP allow list for GitHub Apps enabled setting + +query GetOrganizationIPAllowList { + organization(login: "ORGANIZATION_SLUG") { + owner_id: id + organization_slug: login + is_ip_allow_list_enabled: ipAllowListEnabledSetting + is_ip_allow_list_for_github_apps_enabled: ipAllowListForInstalledAppsEnabledSetting + ipAllowListEntries(first: 100) { + totalCount + nodes { + ip_allow_list_entry_id: id + ip_allow_list_entry_name: name + ip_allow_list_entry_ip_address: allowListValue + ip_allow_list_entry_created: createdAt + is_ip_allow_list_entry_active: isActive + } + } + } +} From 58cbb382fe8c922981f8fcc0c41260144eb0482f Mon Sep 17 00:00:00 2001 
From: Justin Alex Paramanandan <1155821+jusuchin85@users.noreply.github.com> Date: Tue, 19 Nov 2024 13:29:07 +1100 Subject: [PATCH 08/31] Rename existing files to match their scope The previous file names were a bit disorganised (some had numbers in the beginning, while some had the scope between the file name). This commit addresses this to ensure that consumers are able to identify which GraphQL file to look for based on their needs. --- ...identities.graphql => emu-scim-list-scim-identities.graphql} | 0 ...ities.graphql => emu-scim-oidc-list-scim-identities.graphql} | 0 ...erprise-level.graphql => enterprise-saml-identities.graphql} | 0 ...rise.graphql => enterprise-scim-identities-all-orgs.graphql} | 0 ...tion-issue-comment-add.graphql => issue-add-comment.graphql} | 2 +- ...s.graphql => issue-search-for-issue-or-bug-requests.graphql} | 0 ...y.graphql => org-branches-and-commits-by-repository.graphql} | 0 ...bers-commit-msgs.graphql => org-members-commit-msgs.graphql} | 0 ...g-members-variable.graphql => org-members-with-role.graphql} | 0 graphql/queries/{1-org-members.graphql => org-members.graphql} | 0 ...ository.graphql => org-pr-merged-info-by-repository.graphql} | 0 ...rg-repos-fragment-2.graphql => org-repos-fragment-2.graphql} | 0 ...rective-2.graphql => org-repos-fragment-directive-2.graphql} | 0 ...t-directive.graphql => org-repos-fragment-directive.graphql} | 0 ...{4-org-repos-fragment.graphql => org-repos-fragment.graphql} | 0 ...-single-organization.graphql => org-saml-identities.graphql} | 0 ...-single-organization.graphql => org-scim-identities.graphql} | 0 .../{6-org-with-alias.graphql => org-with-alias.graphql} | 0 ...{7-org-with-variables.graphql => org-with-variables.graphql} | 0 ...t-get-issue.graphql => repos-get-last-issue-comment.graphql} | 0 20 files changed, 1 insertion(+), 1 deletion(-) rename graphql/queries/{scim-emu-list-enterprise-scim-identities.graphql => emu-scim-list-scim-identities.graphql} (100%) rename 
graphql/queries/{scim-emu-enterprises-list-scim-identities.graphql => emu-scim-oidc-list-scim-identities.graphql} (100%) rename graphql/queries/{saml-identities-enterprise-level.graphql => enterprise-saml-identities.graphql} (100%) rename graphql/queries/{scim-identities-all-orgs-in-enterprise.graphql => enterprise-scim-identities-all-orgs.graphql} (100%) rename graphql/queries/{11-mutation-issue-comment-add.graphql => issue-add-comment.graphql} (68%) rename graphql/queries/{search-for-issue-or-bug-requests.graphql => issue-search-for-issue-or-bug-requests.graphql} (100%) rename graphql/queries/{branches-and-commits-by-repository.graphql => org-branches-and-commits-by-repository.graphql} (100%) rename graphql/queries/{3-org-members-commit-msgs.graphql => org-members-commit-msgs.graphql} (100%) rename graphql/queries/{2-org-members-variable.graphql => org-members-with-role.graphql} (100%) rename graphql/queries/{1-org-members.graphql => org-members.graphql} (100%) rename graphql/queries/{pr-merged-info-by-repository.graphql => org-pr-merged-info-by-repository.graphql} (100%) rename graphql/queries/{5-org-repos-fragment-2.graphql => org-repos-fragment-2.graphql} (100%) rename graphql/queries/{9-org-repos-fragment-directive-2.graphql => org-repos-fragment-directive-2.graphql} (100%) rename graphql/queries/{8-org-repos-fragment-directive.graphql => org-repos-fragment-directive.graphql} (100%) rename graphql/queries/{4-org-repos-fragment.graphql => org-repos-fragment.graphql} (100%) rename graphql/queries/{saml-identities-single-organization.graphql => org-saml-identities.graphql} (100%) rename graphql/queries/{scim-identities-single-organization.graphql => org-scim-identities.graphql} (100%) rename graphql/queries/{6-org-with-alias.graphql => org-with-alias.graphql} (100%) rename graphql/queries/{7-org-with-variables.graphql => org-with-variables.graphql} (100%) rename graphql/queries/{10-query-issue-comment-get-issue.graphql => repos-get-last-issue-comment.graphql} 
(100%) diff --git a/graphql/queries/scim-emu-list-enterprise-scim-identities.graphql b/graphql/queries/emu-scim-list-scim-identities.graphql similarity index 100% rename from graphql/queries/scim-emu-list-enterprise-scim-identities.graphql rename to graphql/queries/emu-scim-list-scim-identities.graphql diff --git a/graphql/queries/scim-emu-enterprises-list-scim-identities.graphql b/graphql/queries/emu-scim-oidc-list-scim-identities.graphql similarity index 100% rename from graphql/queries/scim-emu-enterprises-list-scim-identities.graphql rename to graphql/queries/emu-scim-oidc-list-scim-identities.graphql diff --git a/graphql/queries/saml-identities-enterprise-level.graphql b/graphql/queries/enterprise-saml-identities.graphql similarity index 100% rename from graphql/queries/saml-identities-enterprise-level.graphql rename to graphql/queries/enterprise-saml-identities.graphql diff --git a/graphql/queries/scim-identities-all-orgs-in-enterprise.graphql b/graphql/queries/enterprise-scim-identities-all-orgs.graphql similarity index 100% rename from graphql/queries/scim-identities-all-orgs-in-enterprise.graphql rename to graphql/queries/enterprise-scim-identities-all-orgs.graphql diff --git a/graphql/queries/11-mutation-issue-comment-add.graphql b/graphql/queries/issue-add-comment.graphql similarity index 68% rename from graphql/queries/11-mutation-issue-comment-add.graphql rename to graphql/queries/issue-add-comment.graphql index 58a19361d..864f55a83 100644 --- a/graphql/queries/11-mutation-issue-comment-add.graphql +++ b/graphql/queries/issue-add-comment.graphql @@ -1,4 +1,4 @@ -# Get ISSUE_ID from graphql/queries/10-query-issue-comment-get-issue.graphql +# Get ISSUE_ID from graphql/queries/repos-get-last-issue-comment.graphql mutation { addComment ( 
diff --git a/graphql/queries/search-for-issue-or-bug-requests.graphql b/graphql/queries/issue-search-for-issue-or-bug-requests.graphql similarity index 100% rename from graphql/queries/search-for-issue-or-bug-requests.graphql rename to graphql/queries/issue-search-for-issue-or-bug-requests.graphql diff --git a/graphql/queries/branches-and-commits-by-repository.graphql b/graphql/queries/org-branches-and-commits-by-repository.graphql similarity index 100% rename from graphql/queries/branches-and-commits-by-repository.graphql rename to graphql/queries/org-branches-and-commits-by-repository.graphql diff --git a/graphql/queries/3-org-members-commit-msgs.graphql b/graphql/queries/org-members-commit-msgs.graphql similarity index 100% rename from graphql/queries/3-org-members-commit-msgs.graphql rename to graphql/queries/org-members-commit-msgs.graphql diff --git a/graphql/queries/2-org-members-variable.graphql b/graphql/queries/org-members-with-role.graphql similarity index 100% rename from graphql/queries/2-org-members-variable.graphql rename to graphql/queries/org-members-with-role.graphql diff --git a/graphql/queries/1-org-members.graphql b/graphql/queries/org-members.graphql similarity index 100% rename from graphql/queries/1-org-members.graphql rename to graphql/queries/org-members.graphql diff --git a/graphql/queries/pr-merged-info-by-repository.graphql b/graphql/queries/org-pr-merged-info-by-repository.graphql similarity index 100% rename from graphql/queries/pr-merged-info-by-repository.graphql rename to graphql/queries/org-pr-merged-info-by-repository.graphql diff --git a/graphql/queries/5-org-repos-fragment-2.graphql b/graphql/queries/org-repos-fragment-2.graphql similarity index 100% rename from graphql/queries/5-org-repos-fragment-2.graphql rename to graphql/queries/org-repos-fragment-2.graphql 
diff --git a/graphql/queries/9-org-repos-fragment-directive-2.graphql b/graphql/queries/org-repos-fragment-directive-2.graphql similarity index 100% rename from graphql/queries/9-org-repos-fragment-directive-2.graphql rename to graphql/queries/org-repos-fragment-directive-2.graphql diff --git a/graphql/queries/8-org-repos-fragment-directive.graphql b/graphql/queries/org-repos-fragment-directive.graphql similarity index 100% rename from graphql/queries/8-org-repos-fragment-directive.graphql rename to graphql/queries/org-repos-fragment-directive.graphql diff --git a/graphql/queries/4-org-repos-fragment.graphql b/graphql/queries/org-repos-fragment.graphql similarity index 100% rename from graphql/queries/4-org-repos-fragment.graphql rename to graphql/queries/org-repos-fragment.graphql diff --git a/graphql/queries/saml-identities-single-organization.graphql b/graphql/queries/org-saml-identities.graphql similarity index 100% rename from graphql/queries/saml-identities-single-organization.graphql rename to graphql/queries/org-saml-identities.graphql diff --git a/graphql/queries/scim-identities-single-organization.graphql b/graphql/queries/org-scim-identities.graphql similarity index 100% rename from graphql/queries/scim-identities-single-organization.graphql rename to graphql/queries/org-scim-identities.graphql diff --git a/graphql/queries/6-org-with-alias.graphql b/graphql/queries/org-with-alias.graphql similarity index 100% rename from graphql/queries/6-org-with-alias.graphql rename to graphql/queries/org-with-alias.graphql diff --git a/graphql/queries/7-org-with-variables.graphql b/graphql/queries/org-with-variables.graphql similarity index 100% rename from graphql/queries/7-org-with-variables.graphql rename to graphql/queries/org-with-variables.graphql 
diff --git a/graphql/queries/10-query-issue-comment-get-issue.graphql b/graphql/queries/repos-get-last-issue-comment.graphql similarity index 100% rename from graphql/queries/10-query-issue-comment-get-issue.graphql rename to graphql/queries/repos-get-last-issue-comment.graphql From 0862276bd0e8ef9a6b13df876cbea013fb3285ba Mon Sep 17 00:00:00 2001 From: Justin Alex Paramanandan <1155821+jusuchin85@users.noreply.github.com> Date: Tue, 19 Nov 2024 13:38:33 +1100 Subject: [PATCH 09/31] Use generic variables for orgs and enterprises The existing variables are too specific to the GitHub org. This commit addresses this in the following files: - org-repos-fragment-directive-2.graphql - org-repos-fragment-directive.graphql --- In addition, the following files have references to variable usage, but was not explicitly declared anywhere: - enterprise-saml-identities.graphql - org-branches-and-commits-by-repository.graphql - org-members-by-team.graphql - org-pr-merged-info-by-repository.graphql - repo-get-all-branches.graphql - repos-get-last-issue-comment.graphql I've updated the above files to just use simple strings to replace prior to using the queries in them. --- graphql/queries/enterprise-saml-identities.graphql | 4 ++-- .../queries/org-branches-and-commits-by-repository.graphql | 6 +++--- graphql/queries/org-members-by-team.graphql | 6 +++--- graphql/queries/org-pr-merged-info-by-repository.graphql | 4 ++-- graphql/queries/org-repos-fragment-directive-2.graphql | 2 +- graphql/queries/org-repos-fragment-directive.graphql | 2 +- graphql/queries/repo-get-all-branches.graphql | 6 +++--- graphql/queries/repos-get-last-issue-comment.graphql | 4 ++-- 8 files changed, 17 insertions(+), 17 deletions(-) diff --git a/graphql/queries/enterprise-saml-identities.graphql b/graphql/queries/enterprise-saml-identities.graphql index 22a7b4b94..fb136c86e 100644 --- a/graphql/queries/enterprise-saml-identities.graphql +++ b/graphql/queries/enterprise-saml-identities.graphql 
@@ -3,8 +3,8 @@ # If the Identity Provider has sent an `emails` attribute/value in a previous SAML response for enterprise member(s), it also possible to add the `emails` attribute in the `samlIdentity` section right below `nameID` and query for this SAML identity attribute value as well. # If there are a large number of identities/users (greater than 100), pagination will need to be used. See https://graphql.org/learn/pagination/ for details on pagination. There is an example of pagination in simple-pagination-example.graphql. -query listSSOUserIdentities($enterpriseSlug: String!) { - enterprise(slug: $enterpriseSlug) { +query listSSOUserIdentities { + enterprise(slug: "ENTERPRISE_SLUG") { ownerInfo { samlIdentityProvider { externalIdentities(first: 100) { diff --git a/graphql/queries/org-branches-and-commits-by-repository.graphql b/graphql/queries/org-branches-and-commits-by-repository.graphql index e22788236..a4d2b2c70 100644 --- a/graphql/queries/org-branches-and-commits-by-repository.graphql +++ b/graphql/queries/org-branches-and-commits-by-repository.graphql @@ -1,7 +1,7 @@ -query getCommitsByBranchByRepo($orgName:String!, $repoName:String!) { - organization(login:$orgName) { +query getCommitsByBranchByRepo { + organization(login: "ORGANIZATION_SLUG") { name - repository(name:$repoName) { + repository(name: "REPO_NAME") { name refs(refPrefix: "refs/heads/", first: 10) { nodes { diff --git a/graphql/queries/org-members-by-team.graphql b/graphql/queries/org-members-by-team.graphql index 2083c785f..bca2d3468 100644 --- a/graphql/queries/org-members-by-team.graphql +++ b/graphql/queries/org-members-by-team.graphql @@ -1,8 +1,8 @@ -query getMembersByTeam($orgName: String!, $teamName: String!) { - organization(login: $orgName) { +query getMembersByTeam { + organization(login: "ORGANIZATION_SLUG") { id name - teams(first: 1, query: $teamName) { + teams(first: 1, query: "TEAM_NAME") { edges { node { id 
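Review bot: Dropping the typed operation variables (`$enterpriseSlug`, `$orgName`, `$repoName`, `$teamName`) in favour of literal placeholders such as `enterprise(slug: "ENTERPRISE_SLUG")` means every caller now has to edit or template the query text itself to supply a value. Variables travel separately from the document and are type-checked, so a supplied value can never alter the query's structure; scripts that copy these samples and substitute strings into the document lose that property. The removed signatures did declare the variables (`query listSSOUserIdentities($enterpriseSlug: String!)`), so I would keep them and add a header comment showing the variables payload instead, e.g. `# variables: {"enterpriseSlug": "ENTERPRISE_SLUG"}`. The same applies to the org-branches-and-commits-by-repository, org-members-by-team, org-pr-merged-info-by-repository, repo-get-all-branches and repos-get-last-issue-comment hunks of this commit.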
diff --git a/graphql/queries/org-pr-merged-info-by-repository.graphql b/graphql/queries/org-pr-merged-info-by-repository.graphql index 5a2f74c4a..0dfaf6e50 100644 --- a/graphql/queries/org-pr-merged-info-by-repository.graphql +++ b/graphql/queries/org-pr-merged-info-by-repository.graphql @@ -1,5 +1,5 @@ -query getRepoMergedPRDetails($orgName: String!, $repoName: String!) { - repository(owner: $orgName, name: $repoName) { +query getRepoMergedPRDetails { + repository(owner: "ORGANIZATION_SLUG, name: "REPO_NAME") { pullRequests(first: 100, states: MERGED) { pageInfo { endCursor #use this value in the pullRequests argument list diff --git a/graphql/queries/org-repos-fragment-directive-2.graphql b/graphql/queries/org-repos-fragment-directive-2.graphql index 170e7836f..6828a4f17 100644 --- a/graphql/queries/org-repos-fragment-directive-2.graphql +++ b/graphql/queries/org-repos-fragment-directive-2.graphql @@ -1,5 +1,5 @@ query orgInfo($showRepoInfo: Boolean!) { - organization(login: "github") { + organization(login: "ORGANIZATION_SLUG") { ...orgFrag } } diff --git a/graphql/queries/org-repos-fragment-directive.graphql b/graphql/queries/org-repos-fragment-directive.graphql index 12e5bed4a..91b564213 100644 --- a/graphql/queries/org-repos-fragment-directive.graphql +++ b/graphql/queries/org-repos-fragment-directive.graphql @@ -1,5 +1,5 @@ query orgInfo($showRepoInfo: Boolean!) { - organization(login: "github") { + organization(login: "ORGANIZATION_SLUG") { login name repositories @include(if: $showRepoInfo) { diff --git a/graphql/queries/repo-get-all-branches.graphql b/graphql/queries/repo-get-all-branches.graphql index 5563877ee..72e40977a 100644 --- a/graphql/queries/repo-get-all-branches.graphql +++ b/graphql/queries/repo-get-all-branches.graphql 
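Review bot: The new `repository(owner: "ORGANIZATION_SLUG, name: "REPO_NAME")` line in org-pr-merged-info-by-repository.graphql is missing the closing quote after `ORGANIZATION_SLUG`, so the document will not parse. It should read `repository(owner: "ORGANIZATION_SLUG", name: "REPO_NAME") {`. The follow-up commit (PATCH 10/31) renames the placeholder to `ORG_NAME` but carries the same unbalanced quote forward (`owner: "ORG_NAME, name: "REPO_NAME"`), so the hunk for this file there needs the same one-character fix. The query body continues outside the hunk.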
@@ -1,6 +1,6 @@ -query getExistingRepoBranches($orgName: String!, $repoName: String!) { - organization(login: $orgName) { - repository(name: $repoName) { +query getExistingRepoBranches { + organization(login: "ORGANIZATION_SLUG") { + repository(name: "REPO_NAME") { id name refs(refPrefix: "refs/heads/", first: 10) { diff --git a/graphql/queries/repos-get-last-issue-comment.graphql b/graphql/queries/repos-get-last-issue-comment.graphql index 96a19cc3c..d202d4fe5 100644 --- a/graphql/queries/repos-get-last-issue-comment.graphql +++ b/graphql/queries/repos-get-last-issue-comment.graphql @@ -1,5 +1,5 @@ -query getRepoIssue($orgName: String!, $repoName: String!) { - repository(owner: $orgName, name: $repoName) { +query getRepoIssue { + repository(owner: "ORGANIZATION_SLUG", name: "REPO_NAME") { issues(last: 1) { edges { node { From aff3f7efa962f74ce329b0a8877f86044e2940a5 Mon Sep 17 00:00:00 2001 From: Justin Alex Paramanandan <1155821+jusuchin85@users.noreply.github.com> Date: Tue, 19 Nov 2024 13:47:20 +1100 Subject: [PATCH 10/31] Update to use a standard organization variable I noticed from another PR that we are using `ORG_NAME` for generic organization variables. This commit updates all the queries to use `ORG_NAME` instead of `ORGANIZATION_SLUG` to be consistent with the rest of the codebase. --- graphql/queries/org-branches-and-commits-by-repository.graphql | 2 +- graphql/queries/org-get-ip-allow-list.graphql | 2 +- graphql/queries/org-members-by-team.graphql | 2 +- graphql/queries/org-pr-merged-info-by-repository.graphql | 2 +- graphql/queries/org-repos-fragment-directive-2.graphql | 2 +- graphql/queries/org-repos-fragment-directive.graphql | 2 +- graphql/queries/repo-get-all-branches.graphql | 2 +- graphql/queries/repos-get-last-issue-comment.graphql | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) 
diff --git a/graphql/queries/org-branches-and-commits-by-repository.graphql b/graphql/queries/org-branches-and-commits-by-repository.graphql index a4d2b2c70..63f0c7865 100644 --- a/graphql/queries/org-branches-and-commits-by-repository.graphql +++ b/graphql/queries/org-branches-and-commits-by-repository.graphql @@ -1,5 +1,5 @@ query getCommitsByBranchByRepo { - organization(login: "ORGANIZATION_SLUG") { + organization(login: "ORG_NAME") { name repository(name: "REPO_NAME") { name diff --git a/graphql/queries/org-get-ip-allow-list.graphql b/graphql/queries/org-get-ip-allow-list.graphql index c3f5cc7b9..98fb7823b 100644 --- a/graphql/queries/org-get-ip-allow-list.graphql +++ b/graphql/queries/org-get-ip-allow-list.graphql @@ -5,7 +5,7 @@ # - The IP allow list for GitHub Apps enabled setting query GetOrganizationIPAllowList { - organization(login: "ORGANIZATION_SLUG") { + organization(login: "ORG_NAME") { owner_id: id organization_slug: login is_ip_allow_list_enabled: ipAllowListEnabledSetting diff --git a/graphql/queries/org-members-by-team.graphql b/graphql/queries/org-members-by-team.graphql index bca2d3468..e2410b000 100644 --- a/graphql/queries/org-members-by-team.graphql +++ b/graphql/queries/org-members-by-team.graphql @@ -1,5 +1,5 @@ query getMembersByTeam { - organization(login: "ORGANIZATION_SLUG") { + organization(login: "ORG_NAME") { id name teams(first: 1, query: "TEAM_NAME") { diff --git a/graphql/queries/org-pr-merged-info-by-repository.graphql b/graphql/queries/org-pr-merged-info-by-repository.graphql index 0dfaf6e50..c7912af54 100644 --- a/graphql/queries/org-pr-merged-info-by-repository.graphql +++ b/graphql/queries/org-pr-merged-info-by-repository.graphql @@ -1,5 +1,5 @@ query getRepoMergedPRDetails { - repository(owner: "ORGANIZATION_SLUG, name: "REPO_NAME") { + repository(owner: "ORG_NAME, name: "REPO_NAME") { pullRequests(first: 100, states: MERGED) { pageInfo { endCursor #use this value in the pullRequests argument list 
diff --git a/graphql/queries/org-repos-fragment-directive-2.graphql b/graphql/queries/org-repos-fragment-directive-2.graphql index 6828a4f17..a5927ed56 100644 --- a/graphql/queries/org-repos-fragment-directive-2.graphql +++ b/graphql/queries/org-repos-fragment-directive-2.graphql @@ -1,5 +1,5 @@ query orgInfo($showRepoInfo: Boolean!) { - organization(login: "ORGANIZATION_SLUG") { + organization(login: "ORG_NAME") { ...orgFrag } } diff --git a/graphql/queries/org-repos-fragment-directive.graphql b/graphql/queries/org-repos-fragment-directive.graphql index 91b564213..465df0653 100644 --- a/graphql/queries/org-repos-fragment-directive.graphql +++ b/graphql/queries/org-repos-fragment-directive.graphql @@ -1,5 +1,5 @@ query orgInfo($showRepoInfo: Boolean!) { - organization(login: "ORGANIZATION_SLUG") { + organization(login: "ORG_NAME") { login name repositories @include(if: $showRepoInfo) { diff --git a/graphql/queries/repo-get-all-branches.graphql b/graphql/queries/repo-get-all-branches.graphql index 72e40977a..2fccaf98d 100644 --- a/graphql/queries/repo-get-all-branches.graphql +++ b/graphql/queries/repo-get-all-branches.graphql @@ -1,5 +1,5 @@ query getExistingRepoBranches { - organization(login: "ORGANIZATION_SLUG") { + organization(login: "ORG_NAME") { repository(name: "REPO_NAME") { id name diff --git a/graphql/queries/repos-get-last-issue-comment.graphql b/graphql/queries/repos-get-last-issue-comment.graphql index d202d4fe5..5d5f52264 100644 --- a/graphql/queries/repos-get-last-issue-comment.graphql +++ b/graphql/queries/repos-get-last-issue-comment.graphql @@ -1,5 +1,5 @@ query getRepoIssue { - repository(owner: "ORGANIZATION_SLUG", name: "REPO_NAME") { + repository(owner: "ORG_NAME", name: "REPO_NAME") { issues(last: 1) { edges { node { From 10b3fb70d911117866ee71c446118860f71ee9f3 Mon Sep 17 00:00:00 2001 
From: Justin Alex Paramanandan <1155821+jusuchin85@users.noreply.github.com> Date: Wed, 20 Nov 2024 10:31:20 +1100 Subject: [PATCH 11/31] Remove setting the clientMutationId variable This variable is always added, so it is not necessary to set it manually. Reference doc: https://graphql-ruby.org/api-doc/1.8.13/GraphQL/Schema/RelayClassicMutation Thanks to @sn2b for pointing this out! --- .../enterprise-get-ip-allow-list.graphql | 30 ++++++++-------- graphql/queries/ip-allow-list-add-ip.graphql | 34 +++++++++---------- graphql/queries/ip-allow-list-disable.graphql | 23 +++++++------ graphql/queries/ip-allow-list-enable.graphql | 21 ++++++------ .../ip-allow-list-remove-ip-entry.graphql | 8 ++--- graphql/queries/org-get-ip-allow-list.graphql | 30 ++++++++-------- 6 files changed, 72 insertions(+), 74 deletions(-) diff --git a/graphql/queries/enterprise-get-ip-allow-list.graphql b/graphql/queries/enterprise-get-ip-allow-list.graphql index 92d68fdba..1ad6a35c9 100644 --- a/graphql/queries/enterprise-get-ip-allow-list.graphql +++ b/graphql/queries/enterprise-get-ip-allow-list.graphql 
@@ -5,21 +5,21 @@ # - The IP allow list for GitHub Apps enabled setting query GetEnterpriseIPAllowList { - enterprise(slug: "ENTERPRISE_SLUG") { - owner_id: id - enterprise_slug: slug - enterprise_owner_info: ownerInfo { - is_ip_allow_list_enabled: ipAllowListEnabledSetting - is_ip_allow_list_for_github_apps_enabled: ipAllowListForInstalledAppsEnabledSetting - ipAllowListEntries(first: 100) { - nodes { - ip_allow_list_entry_id: id - ip_allow_list_entry_name: name - ip_allow_list_entry_value: allowListValue - ip_allow_list_entry_created: createdAt - is_ip_allow_list_entry_active: isActive - } - } + enterprise(slug: "ENTERPRISE_SLUG") { + owner_id: id + enterprise_slug: slug + enterprise_owner_info: ownerInfo { + is_ip_allow_list_enabled: ipAllowListEnabledSetting + is_ip_allow_list_for_github_apps_enabled: ipAllowListForInstalledAppsEnabledSetting + ipAllowListEntries(first: 100) { + nodes { + ip_allow_list_entry_id: id + ip_allow_list_entry_name: name + ip_allow_list_entry_value: allowListValue + ip_allow_list_entry_created: createdAt + is_ip_allow_list_entry_active: isActive } + } } + } } diff --git a/graphql/queries/ip-allow-list-add-ip.graphql b/graphql/queries/ip-allow-list-add-ip.graphql index 510289b7e..ab977164f 100644 --- a/graphql/queries/ip-allow-list-add-ip.graphql +++ b/graphql/queries/ip-allow-list-add-ip.graphql 
@@ -9,23 +9,21 @@ # - enterprise accounts: https://github.com/github/platform-samples/blob/master/graphql/queries/enterprise-get-ip-allow-list.graphql mutation AddIPAddressToIPAllowList { - createIpAllowListEntry( - input: { - clientMutationId: "true" - ownerId: "OWNER_ID" - name: "DESCRIPTION_OF_IP_ADDRESS" - allowListValue: "IP_ADDRESS" - isActive: true - } - ) { - clientMutationId - ipAllowListEntry { - ip_allow_list_entry_id: id - ip_allow_list_entry_name: name - ip_allow_list_entry_ip_address: allowListValue - ip_allow_list_entry_created: createdAt - ip_allow_list_entry_updated: updatedAt - is_ip_allow_list_entry_active: isActive - } + createIpAllowListEntry( + input: { + ownerId: "OWNER_ID" + name: "DESCRIPTION_OF_IP_ADDRESS" + allowListValue: "IP_ADDRESS" + isActive: true } + ) { + ipAllowListEntry { + ip_allow_list_entry_id: id + ip_allow_list_entry_name: name + ip_allow_list_entry_ip_address: allowListValue + ip_allow_list_entry_created: createdAt + ip_allow_list_entry_updated: updatedAt + is_ip_allow_list_entry_active: isActive + } + } } diff --git a/graphql/queries/ip-allow-list-disable.graphql b/graphql/queries/ip-allow-list-disable.graphql index df984b56e..2b1ecab85 100644 --- a/graphql/queries/ip-allow-list-disable.graphql +++ b/graphql/queries/ip-allow-list-disable.graphql @@ -1,4 +1,4 @@ -# This query is used to disable the IP allow list feature. +# This query is used to disable the IP allow list feature. This will apply to both IP addresses and GitHub Apps. # This can be used on both organizations and enterprise accounts. # # The `OWNER_ID` is the ID of the organization or enterprise account. You can 
@@ -8,14 +8,15 @@ # - organizations: https://github.com/github/platform-samples/blob/master/graphql/queries/org-get-ip-allow-list.graphql # - enterprise accounts: https://github.com/github/platform-samples/blob/master/graphql/queries/enterprise-get-ip-allow-list.graphql -mutation EnableIPAllowList { - updateIpAllowListEnabledSetting( - input: { - clientMutationId: "true" - ownerId: "OWNER_ID" - settingValue: DISABLED - } - ) { - clientMutationId - } +mutation DisableIPAllowList { + updateIpAllowListEnabledSetting( + input: { ownerId: "OWNER_ID", settingValue: DISABLED } + ) { + clientMutationId + } + updateIpAllowListForInstalledAppsEnabledSetting( + input: { ownerId: "OWNER_ID", settingValue: DISABLED } + ) { + clientMutationId + } } diff --git a/graphql/queries/ip-allow-list-enable.graphql b/graphql/queries/ip-allow-list-enable.graphql index 68b0809d3..293062536 100644 --- a/graphql/queries/ip-allow-list-enable.graphql +++ b/graphql/queries/ip-allow-list-enable.graphql @@ -1,4 +1,4 @@ -# This query is used to enable the IP allow list feature. +# This query is used to enable the IP allow list feature. This will apply to both IP addresses and GitHub Apps. # This can be used on both organizations and enterprise accounts. # # The `OWNER_ID` is the ID of the organization or enterprise account. You can @@ -9,13 +9,14 @@ # - enterprise accounts: https://github.com/github/platform-samples/blob/master/graphql/queries/enterprise-get-ip-allow-list.graphql mutation EnableIPAllowList { - updateIpAllowListEnabledSetting( - input: { - clientMutationId: "true" - ownerId: "OWNER_ID" - settingValue: ENABLED - } - ) { - clientMutationId - } + updateIpAllowListEnabledSetting( + input: { ownerId: "OWNER_ID", settingValue: ENABLED } + ) { + clientMutationId + } + updateIpAllowListForInstalledAppsEnabledSetting( + input: { ownerId: "OWNER_ID", settingValue: ENABLED } + ) { + clientMutationId + } } 
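Review bot: In the new `DisableIPAllowList` body each mutation field selects only `clientMutationId`, and since the input no longer sets it that value comes back null, so the response does not show which state the two settings ended up in. The two fields run one after the other, so if `updateIpAllowListForInstalledAppsEnabledSetting` fails the first change has already been applied and the account is left half-switched. For a control like this I would add a header line such as `# After running, re-run org-get-ip-allow-list.graphql (or enterprise-get-ip-allow-list.graphql) and check both *_enabled values.` The same applies to the `EnableIPAllowList` hunk in ip-allow-list-enable.graphql and to the `deleteIpAllowListEntry` hunk in ip-allow-list-remove-ip-entry.graphql.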
diff --git a/graphql/queries/ip-allow-list-remove-ip-entry.graphql b/graphql/queries/ip-allow-list-remove-ip-entry.graphql index c3cd64484..fb900a9ed 100644 --- a/graphql/queries/ip-allow-list-remove-ip-entry.graphql +++ b/graphql/queries/ip-allow-list-remove-ip-entry.graphql @@ -9,9 +9,7 @@ # - enterprise accounts: https://github.com/github/platform-samples/blob/master/graphql/queries/enterprise-get-ip-allow-list.graphql mutation DeleteIPAddressFromIPAllowList { - deleteIpAllowListEntry( - input: { clientMutationId: "true", ipAllowListEntryId: "IP_ENTRY_ID" } - ) { - clientMutationId - } + deleteIpAllowListEntry(input: { ipAllowListEntryId: "IP_ENTRY_ID" }) { + clientMutationId + } } diff --git a/graphql/queries/org-get-ip-allow-list.graphql b/graphql/queries/org-get-ip-allow-list.graphql index 98fb7823b..3921d569d 100644 --- a/graphql/queries/org-get-ip-allow-list.graphql +++ b/graphql/queries/org-get-ip-allow-list.graphql 
@@ -5,20 +5,20 @@ # - The IP allow list for GitHub Apps enabled setting query GetOrganizationIPAllowList { - organization(login: "ORG_NAME") { - owner_id: id - organization_slug: login - is_ip_allow_list_enabled: ipAllowListEnabledSetting - is_ip_allow_list_for_github_apps_enabled: ipAllowListForInstalledAppsEnabledSetting - ipAllowListEntries(first: 100) { - totalCount - nodes { - ip_allow_list_entry_id: id - ip_allow_list_entry_name: name - ip_allow_list_entry_ip_address: allowListValue - ip_allow_list_entry_created: createdAt - is_ip_allow_list_entry_active: isActive - } - } + organization(login: "ORG_NAME") { + owner_id: id + organization_slug: login + is_ip_allow_list_enabled: ipAllowListEnabledSetting + is_ip_allow_list_for_github_apps_enabled: ipAllowListForInstalledAppsEnabledSetting + ipAllowListEntries(first: 100) { + totalCount + nodes { + ip_allow_list_entry_id: id + ip_allow_list_entry_name: name + ip_allow_list_entry_ip_address: allowListValue + ip_allow_list_entry_created: createdAt + is_ip_allow_list_entry_active: isActive + } } + } } From 68de17190ed7d680005da1aeeed9c078682f0e91 Mon Sep 17 00:00:00 2001 
From: Justin Alex Paramanandan <1155821+jusuchin85@users.noreply.github.com> Date: Wed, 20 Nov 2024 10:33:18 +1100 Subject: [PATCH 12/31] Add additional enabling/disabling IP allow lists Added new queries to separately enable and disable IP allow lists for GitHub Apps only and IP addresses only. --- ...-allow-list-disable-github-apps-only.graphql | 17 +++++++++++++++++ ...p-allow-list-disable-ip-address-only.graphql | 17 +++++++++++++++++ ...p-allow-list-enable-github-apps-only.graphql | 17 +++++++++++++++++ ...ip-allow-list-enable-ip-address-only.graphql | 17 +++++++++++++++++ 4 files changed, 68 insertions(+) create mode 100644 graphql/queries/ip-allow-list-disable-github-apps-only.graphql create mode 100644 graphql/queries/ip-allow-list-disable-ip-address-only.graphql create mode 100644 graphql/queries/ip-allow-list-enable-github-apps-only.graphql create mode 100644 graphql/queries/ip-allow-list-enable-ip-address-only.graphql diff --git a/graphql/queries/ip-allow-list-disable-github-apps-only.graphql b/graphql/queries/ip-allow-list-disable-github-apps-only.graphql new file mode 100644 index 000000000..0a27a261e --- /dev/null +++ b/graphql/queries/ip-allow-list-disable-github-apps-only.graphql 
@@ -0,0 +1,17 @@ +# This query is used to disable the IP allow list feature. This will apply to GitHub Apps only. +# This can be used on both organizations and enterprise accounts. +# +# The `OWNER_ID` is the ID of the organization or enterprise account. You can +# get the ID of an organization or enterprise account by executing either of +# the following queries and referring to the value from `owner_id` field: +# +# - organizations: https://github.com/github/platform-samples/blob/master/graphql/queries/org-get-ip-allow-list.graphql +# - enterprise accounts: https://github.com/github/platform-samples/blob/master/graphql/queries/enterprise-get-ip-allow-list.graphql + +mutation DisableIPAllowListForGitHubAppsOnly { + updateIpAllowListForInstalledAppsEnabledSetting( + input: { ownerId: "OWNER_ID", settingValue: DISABLED } + ) { + clientMutationId + } +} diff --git a/graphql/queries/ip-allow-list-disable-ip-address-only.graphql b/graphql/queries/ip-allow-list-disable-ip-address-only.graphql new file mode 100644 index 000000000..0fe79f496 --- /dev/null +++ b/graphql/queries/ip-allow-list-disable-ip-address-only.graphql @@ -0,0 +1,17 @@ +# This query is used to disable the IP allow list feature. This will apply to IP addresses only. +# This can be used on both organizations and enterprise accounts. +# +# The `OWNER_ID` is the ID of the organization or enterprise account. You can +# get the ID of an organization or enterprise account by executing either of +# the following queries and referring to the value from `owner_id` field: +# +# - organizations: https://github.com/github/platform-samples/blob/master/graphql/queries/org-get-ip-allow-list.graphql +# - enterprise accounts: https://github.com/github/platform-samples/blob/master/graphql/queries/enterprise-get-ip-allow-list.graphql + +mutation DisableAllowListForIpsOnly { + updateIpAllowListEnabledSetting( + input: { ownerId: "OWNER_ID", settingValue: DISABLED } + ) { + clientMutationId + } +} 
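Review bot: The header comment in ip-allow-list-disable-github-apps-only.graphql calls the operation a "query" that disables "the IP allow list feature" for GitHub Apps only, but the file holds a mutation and it changes only `updateIpAllowListForInstalledAppsEnabledSetting`. Going by that field name and the `ipAllowListForInstalledAppsEnabledSetting` value read by the get queries, this appears to toggle the allow-list configuration for installed GitHub Apps and leave the owner's own IP allow list setting untouched; that should be confirmed and said outright, because a reader may otherwise assume enforcement as a whole was changed. I would word it as `# This mutation disables the IP allow list configuration for installed GitHub Apps only; the IP allow list enabled setting itself is not changed.` The same header wording, and the mixed operation naming (`DisableIPAllowListForGitHubAppsOnly` next to `DisableAllowListForIpsOnly`), recur in the three sibling files added by this commit.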
diff --git a/graphql/queries/ip-allow-list-enable-github-apps-only.graphql b/graphql/queries/ip-allow-list-enable-github-apps-only.graphql new file mode 100644 index 000000000..8d3e1ead2 --- /dev/null +++ b/graphql/queries/ip-allow-list-enable-github-apps-only.graphql @@ -0,0 +1,17 @@ +# This query is used to enable the IP allow list feature. This will apply to GitHub Apps only. +# This can be used on both organizations and enterprise accounts. +# +# The `OWNER_ID` is the ID of the organization or enterprise account. You can +# get the ID of an organization or enterprise account by executing either of +# the following queries and referring to the value from `owner_id` field: +# +# - organizations: https://github.com/github/platform-samples/blob/master/graphql/queries/org-get-ip-allow-list.graphql +# - enterprise accounts: https://github.com/github/platform-samples/blob/master/graphql/queries/enterprise-get-ip-allow-list.graphql + +mutation EnableIPAllowListForGitHubAppsOnly { + updateIpAllowListForInstalledAppsEnabledSetting( + input: { ownerId: "OWNER_ID", settingValue: ENABLED } + ) { + clientMutationId + } +} diff --git a/graphql/queries/ip-allow-list-enable-ip-address-only.graphql b/graphql/queries/ip-allow-list-enable-ip-address-only.graphql new file mode 100644 index 000000000..e1eff4e79 --- /dev/null +++ b/graphql/queries/ip-allow-list-enable-ip-address-only.graphql 
@@ -0,0 +1,17 @@ +# This query is used to enable the IP allow list feature. This will apply to IP addresses only. +# This can be used on both organizations and enterprise accounts. +# +# The `OWNER_ID` is the ID of the organization or enterprise account. You can +# get the ID of an organization or enterprise account by executing either of +# the following queries and referring to the value from `owner_id` field: +# +# - organizations: https://github.com/github/platform-samples/blob/master/graphql/queries/org-get-ip-allow-list.graphql +# - enterprise accounts: https://github.com/github/platform-samples/blob/master/graphql/queries/enterprise-get-ip-allow-list.graphql + +mutation EnableAllowListForIpsOnly { + updateIpAllowListEnabledSetting( + input: { ownerId: "OWNER_ID", settingValue: ENABLED } + ) { + clientMutationId + } +} From 65fdcc5646c441d8397be67133d9d9f26c5aa1e3 Mon Sep 17 00:00:00 2001 
From: bss-mc Date: Mon, 25 Nov 2024 17:47:22 +0900 Subject: [PATCH 13/31] Create `.graphql` files for checking 2FA status of enterprise members / OCs Initial creation of 6 `graphql` files: - Ent members with no 2FA - Ent members with insecure 2FA options - Ent members with secure 2FA - OCs with no 2FA - OCs with insecure 2FA options - OCs with secure 2FA --- .../enterprise-members-2fa-disabled.graphql | 28 +++++++++++++++++++ .../enterprise-members-2fa-insecure.graphql | 28 +++++++++++++++++++ .../enterprise-members-2fa-secure.graphql | 28 +++++++++++++++++++ ...outside-collaborators-2fa-disabled.graphql | 25 +++++++++++++++++ ...outside-collaborators-2fa-insecure.graphql | 25 +++++++++++++++++ ...e-outside-collaborators-2fa-secure.graphql | 25 +++++++++++++++++ 6 files changed, 159 insertions(+) create mode 100644 graphql/queries/enterprise-members-2fa-disabled.graphql create mode 100644 graphql/queries/enterprise-members-2fa-insecure.graphql create mode 100644 graphql/queries/enterprise-members-2fa-secure.graphql create mode 100644 graphql/queries/enterprise-outside-collaborators-2fa-disabled.graphql create mode 100644 graphql/queries/enterprise-outside-collaborators-2fa-insecure.graphql create mode 100644 graphql/queries/enterprise-outside-collaborators-2fa-secure.graphql diff --git a/graphql/queries/enterprise-members-2fa-disabled.graphql b/graphql/queries/enterprise-members-2fa-disabled.graphql new file mode 100644 index 000000000..207ebeeb0 --- /dev/null +++ b/graphql/queries/enterprise-members-2fa-disabled.graphql 
@@ -0,0 +1,28 @@ +# This GraphQL query will list any enterprise members who have yet to enable 2FA on their personal GitHub account. +# This does not list any outside collaborators, and will not work with Enterprise Managed Users other than the setup user. + +query GetEnterpriseMembersWith2faDisabled { + enterprise(slug: "ENTERPRISE_SLUG") { + enterprise_id: id + enterprise_slug: slug + members_with_no_2fa: members( + first: 100 + twoFactorMethodSecurity: DISABLED + ) { + num_of_members: totalCount + edges { + node { + ... on EnterpriseUserAccount { + login + } + } + } + pageInfo { + endCursor + startCursor + hasNextPage + hasPreviousPage + } + } + } +} \ No newline at end of file diff --git a/graphql/queries/enterprise-members-2fa-insecure.graphql b/graphql/queries/enterprise-members-2fa-insecure.graphql new file mode 100644 index 000000000..b30757f17 --- /dev/null +++ b/graphql/queries/enterprise-members-2fa-insecure.graphql @@ -0,0 +1,28 @@ +# This GraphQL query will list any enterprise members who have enabled 2FA on their GitHub account, but amongst their 2FA methods is SMS (which is deemed insecure). +# This does not list any outside collaborators, and will not work with Enterprise Managed Users other than the setup user. + +query GetEnterpriseMembersWithInsecure2fa { + enterprise(slug: "ENTERPRISE_SLUG") { + enterprise_id: id + enterprise_slug: slug + members_with_insecure_2fa: members( + first: 100 + twoFactorMethodSecurity: INSECURE + ) { + num_of_members: totalCount + edges { + node { + ... on EnterpriseUserAccount { + login + } + } + } + pageInfo { + endCursor + startCursor + hasNextPage + hasPreviousPage + } + } + } +} \ No newline at end of file diff --git a/graphql/queries/enterprise-members-2fa-secure.graphql b/graphql/queries/enterprise-members-2fa-secure.graphql new file mode 100644 index 000000000..0c02797bd --- /dev/null +++ b/graphql/queries/enterprise-members-2fa-secure.graphql 
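Review bot: The `... on EnterpriseUserAccount { login }` fragment is the only selection on `node`, so any member whose node is not an `EnterpriseUserAccount` comes back as an empty object and cannot be identified in the audit output. If I recall the schema correctly, enterprise members can also be `User` nodes, so adding `... on User { login }` alongside it would close that gap; worth confirming against the schema. Separately, `first: 100` is requested and `pageInfo` is selected, but there is no `after:` argument or comment, so an enterprise with more than 100 matching members gets a silently truncated list; a line such as `# If hasNextPage is true, re-run with after: "END_CURSOR" in the members(...) arguments` would make that visible, and comparing `num_of_members` with the number of returned nodes catches it too. Both points also apply to enterprise-members-2fa-insecure.graphql and enterprise-members-2fa-secure.graphql, and the pagination point to the three outside-collaborator files.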
@@ -0,0 +1,28 @@ +# This GraphQL query will list any enterprise members who have enabled 2FA on their GitHub account with a secure (non-SMS) method. +# This does not list any outside collaborators, and will not work with Enterprise Managed Users other than the setup user. + +query GetEnterpriseMembersWithSecure2fa { + enterprise(slug: "ENTERPRISE_SLUG") { + enterprise_id: id + enterprise_slug: slug + members_with_secure_2fa: members( + first: 100 + twoFactorMethodSecurity: SECURE + ) { + num_of_members: totalCount + edges { + node { + ... on EnterpriseUserAccount { + login + } + } + } + pageInfo { + endCursor + startCursor + hasNextPage + hasPreviousPage + } + } + } +} \ No newline at end of file diff --git a/graphql/queries/enterprise-outside-collaborators-2fa-disabled.graphql b/graphql/queries/enterprise-outside-collaborators-2fa-disabled.graphql new file mode 100644 index 000000000..e778b6f6d --- /dev/null +++ b/graphql/queries/enterprise-outside-collaborators-2fa-disabled.graphql @@ -0,0 +1,25 @@ +# This GraphQL query will list any outside collaborators in an enterprise who have yet to enable 2FA on their GitHub account. + +query GetEnterpriseollaboratorsWith2faDisabled { + enterprise(slug: "ENTERPRISE_SLUG") { + enterprise_id: id + enterprise_slug: slug + enterprise_owner_info: ownerInfo { + collaborators_with_no_2fa: outsideCollaborators( + twoFactorMethodSecurity: DISABLED + first: 100 + ) { + num_of_collaborators: totalCount + nodes { + login + } + pageInfo { + endCursor + startCursor + hasNextPage + hasPreviousPage + } + } + } + } +} \ No newline at end of file diff --git a/graphql/queries/enterprise-outside-collaborators-2fa-insecure.graphql b/graphql/queries/enterprise-outside-collaborators-2fa-insecure.graphql new file mode 100644 index 000000000..6fde86714 --- /dev/null +++ b/graphql/queries/enterprise-outside-collaborators-2fa-insecure.graphql 
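Review bot: The operation name `GetEnterpriseollaboratorsWith2faDisabled` in enterprise-outside-collaborators-2fa-disabled.graphql is missing a `C`; the sibling files use `GetEnterpriseCollaboratorsWithInsecure2fa` and `GetEnterpriseCollaboratorsWithSecure2fa`. Rename it to `GetEnterpriseCollaboratorsWith2faDisabled` so that logs and tooling keyed on the operation name line up across the three files.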
@@ -0,0 +1,25 @@ +# This GraphQL query will list any outside collaborators in an enterprise who have enabled 2FA on their GitHub account, but amongst the 2FA methods is SMS (which is deemed insecure). + +query GetEnterpriseCollaboratorsWithInsecure2fa { + enterprise(slug: "ENTERPRISE_SLUG") { + enterprise_id: id + enterprise_slug: slug + enterprise_owner_info: ownerInfo { + collaborators_with_insecure_2fa: outsideCollaborators( + twoFactorMethodSecurity: INSECURE + first: 1 + ) { + num_of_collaborators: totalCount + nodes { + login + } + pageInfo { + endCursor + startCursor + hasNextPage + hasPreviousPage + } + } + } + } +} \ No newline at end of file diff --git a/graphql/queries/enterprise-outside-collaborators-2fa-secure.graphql b/graphql/queries/enterprise-outside-collaborators-2fa-secure.graphql new file mode 100644 index 000000000..a3565196e --- /dev/null +++ b/graphql/queries/enterprise-outside-collaborators-2fa-secure.graphql @@ -0,0 +1,25 @@ +# This GraphQL query will list any outside collaborators in an enterprise who have enabled 2FA on their GitHub account with a secure (non-SMS) method. + +query GetEnterpriseCollaboratorsWithSecure2fa { + enterprise(slug: "ENTERPRISE_SLUG") { + enterprise_id: id + enterprise_slug: slug + enterprise_owner_info: ownerInfo { + collaborators_with_secure_2fa: outsideCollaborators( + twoFactorMethodSecurity: SECURE + first: 100 + ) { + num_of_collaborators: totalCount + nodes { + login + } + pageInfo { + endCursor + startCursor + hasNextPage + hasPreviousPage + } + } + } + } +} \ No newline at end of file From c390d9bd8d6317e6846f23fa01fccba05e66e10d Mon Sep 17 00:00:00 2001 
From: bss-mc <117171930+bss-mc@users.noreply.github.com> Date: Tue, 26 Nov 2024 09:41:33 +0900 Subject: [PATCH 14/31] Update graphql/queries/enterprise-outside-collaborators-2fa-insecure.graphql Update OC insecure 2FA to increase results returned from 1 to 100. Co-authored-by: Justin Alex <1155821+jusuchin85@users.noreply.github.com> --- .../enterprise-outside-collaborators-2fa-insecure.graphql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/graphql/queries/enterprise-outside-collaborators-2fa-insecure.graphql b/graphql/queries/enterprise-outside-collaborators-2fa-insecure.graphql index 6fde86714..b691eddbd 100644 --- a/graphql/queries/enterprise-outside-collaborators-2fa-insecure.graphql +++ b/graphql/queries/enterprise-outside-collaborators-2fa-insecure.graphql @@ -7,7 +7,7 @@ query GetEnterpriseCollaboratorsWithInsecure2fa { enterprise_owner_info: ownerInfo { collaborators_with_insecure_2fa: outsideCollaborators( twoFactorMethodSecurity: INSECURE - first: 1 + first: 100 ) { num_of_collaborators: totalCount nodes { From bdd3375dd5c016ec9582d99357367b62b22ffb93 Mon Sep 17 00:00:00 2001 From: Pandatabe223 <91859306+Pandatabe223@users.noreply.github.com> Date: Thu, 2 Jan 2025 01:32:51 +0200 Subject: [PATCH 15/31] Create devcontainer.json --- .devcontainer/devcontainer.json | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 .devcontainer/devcontainer.json diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json new file mode 100644 index 000000000..ad93c14a0 --- /dev/null +++ b/.devcontainer/devcontainer.json @@ -0,0 +1,5 @@ +{ + "image": "mcr.microsoft.com/devcontainers/universal:2", + "features": { + } +} From 540245094f0d26d59dc872bb9650d9ee7b445187 Mon Sep 17 00:00:00 2001 
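Review bot: In the new .devcontainer/devcontainer.json, `"image": "mcr.microsoft.com/devcontainers/universal:2"` refers to a floating tag, so the contents of the development container can change without any change in this repository. Pinning by digest, `"image": "mcr.microsoft.com/devcontainers/universal:2@sha256:<DIGEST_PLACEHOLDER>"`, keeps the environment reproducible and turns image updates into reviewable commits. The empty `"features": { }` block can be dropped until a feature is actually needed.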
From: Stacy Carter Date: Fri, 28 Feb 2025 16:51:24 -0500 Subject: [PATCH 16/31] Create org-saml-identities-filtered-by-nameid-username.graphql --- ...tities-filtered-by-nameid-username.graphql | 27 +++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 graphql/queries/org-saml-identities-filtered-by-nameid-username.graphql diff --git a/graphql/queries/org-saml-identities-filtered-by-nameid-username.graphql b/graphql/queries/org-saml-identities-filtered-by-nameid-username.graphql new file mode 100644 index 000000000..e0632abb7 --- /dev/null +++ b/graphql/queries/org-saml-identities-filtered-by-nameid-username.graphql @@ -0,0 +1,27 @@ +# You will need to replace and with the actual GitHub organization name and the SAML `NameID` value that you're searching stored external identities for in the GitHub organization. +# For GitHub Enterprise Cloud organizations that have SAML configured at the organization level, this will query the stored SAML `nameId` and SCIM `userName` external identity values in the GitHub organization, and if one is found that matches the value specified for ``, it will print out the SAML `nameId` and GitHub username for that stored external identity. + +# This query will not print out a user username (`login`) value if there is not a GitHub user account linked to this SAML identity. +# Pagination shouldn't be needed since there shouldn't be multiple entries that have the same SAML `NameID` or SCIM `userName`. However, for more information on pagination. There is also an example of pagination in simple-pagination-example.graphql. + +query OrganizationIdentitiesBySAMLNameID { + organization(login: ) { + samlIdentityProvider { + externalIdentities(userName:"", first: 25) { + edges { + node { + samlIdentity { + nameId + } + user { + login + } + } + } + pageInfo { + endCursor + } + } + } + } +} From c927d550a8f1aa4e20974fa1dc041c999167d9c8 Mon Sep 17 00:00:00 2001 
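Review bot: In org-saml-identities-filtered-by-nameid-username.graphql the `organization(login: )` argument has no quotes around its placeholder, unlike `externalIdentities(userName:"", first: 25)` two lines below, so a reader who pastes in an organization name gets a parse error; the placeholder text itself seems to have been lost in this rendering, so the point is only about the quoting, e.g. `organization(login: "ORG_NAME") {`. The header sentence "However, for more information on pagination." is also incomplete: it names no reference. I would write `# However, see https://graphql.org/learn/pagination/ for more information on pagination.`, which is the link the enterprise-saml-identities.graphql header already uses. The same incomplete sentence appears in enterprise-saml-identities-filtered-by-nameid.graphql (PATCH 17/31) and survives the rewording in PATCH 18/31.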
From: Stacy Carter Date: Fri, 28 Feb 2025 16:55:59 -0500 Subject: [PATCH 17/31] Create enterprise-saml-identities-filtered-by-nameid.graphql --- ...saml-identities-filtered-by-nameid.graphql | 47 +++++++++++++++++++ 1 file changed, 47 insertions(+) create mode 100644 graphql/queries/enterprise-saml-identities-filtered-by-nameid.graphql diff --git a/graphql/queries/enterprise-saml-identities-filtered-by-nameid.graphql b/graphql/queries/enterprise-saml-identities-filtered-by-nameid.graphql new file mode 100644 index 000000000..aadc07be1 --- /dev/null +++ b/graphql/queries/enterprise-saml-identities-filtered-by-nameid.graphql 
@@ -0,0 +1,47 @@
+# You will need to replace and with the actual GitHub enterprise slug and the SAML `NameID` value that you're searching stored external identities for in the GitHub enterprise.
+# For GitHub Enterprise Cloud enterprises that have SAML configured at the enterprise level, this will query the stored SAML `nameId` external identity values in the GitHub enterprise, and if one is found that matches the value specified for ``, it will print out the SAML `nameId` and GitHub username for that stored external identity.
+
+# This query will not print out a user username (`login`) value if there is not a GitHub user account linked to this SAML identity.
+# Pagination shouldn't be needed since there shouldn't be multiple entries in the enterprise that have the same SAML `NameID` or SCIM `userName`. However, for more information on pagination. There is also an example of pagination in simple-pagination-example.graphql.
+
+
+query EnterpriseIdentitiesBySAMLNameID {
+ enterprise(slug:"") {
+ name
+ members(query:"", first:25) {
+ totalCount
+ pageInfo {
+ hasNextPage
+ startCursor
+ endCursor
+ }
+ nodes{
+ ...on EnterpriseUserAccount {
+ id
+ login
+ createdAt
+ }
+ }
+ }
+ ownerInfo {
+ samlIdentityProvider {
+ externalIdentities(userName:"", first: 25) {
+ totalCount
+ pageInfo {
+ hasNextPage
+ startCursor
+ endCursor
+ }
+ nodes{
+ samlIdentity {
+ nameId
+ }
+ user {
+ login
+ }
+ }
+ }
+ }
+ }
+ }
+}
From 08b0ad9f77e17eaea040daa69f1289e94419cdea Mon Sep 17 00:00:00 2001
From: Stacy Carter
Date: Fri, 28 Feb 2025 16:56:41 -0500
Subject: [PATCH 18/31] Clarify pagination comment in GraphQL query
---
.../org-saml-identities-filtered-by-nameid-username.graphql | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/graphql/queries/org-saml-identities-filtered-by-nameid-username.graphql b/graphql/queries/org-saml-identities-filtered-by-nameid-username.graphql
index e0632abb7..6d28b82b9 100644
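Review bot: The `members(query:"", first:25)` block selects fields only through `...on EnterpriseUserAccount`, so a member node of any other type comes back as an empty object and is easy to misread as "no match"; adding `__typename` to `nodes` would make that case distinguishable. The header comment names two values to replace, while the query has three substitution points (`slug`, `members(query:)` and `externalIdentities(userName:)`) and the `members` lookup is not described at all. `ownerInfo` is documented as visible only to enterprise owners, so I would also add a comment along the lines of `# Requires an enterprise owner's token; a read-only enterprise scope is sufficient for this lookup (confirm against the current API docs).`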
--- a/graphql/queries/org-saml-identities-filtered-by-nameid-username.graphql +++ b/graphql/queries/org-saml-identities-filtered-by-nameid-username.graphql @@ -2,7 +2,7 @@ # For GitHub Enterprise Cloud organizations that have SAML configured at the organization level, this will query the stored SAML `nameId` and SCIM `userName` external identity values in the GitHub organization, and if one is found that matches the value specified for ``, it will print out the SAML `nameId` and GitHub username for that stored external identity. # This query will not print out a user username (`login`) value if there is not a GitHub user account linked to this SAML identity. -# Pagination shouldn't be needed since there shouldn't be multiple entries that have the same SAML `NameID` or SCIM `userName`. However, for more information on pagination. There is also an example of pagination in simple-pagination-example.graphql. +# Pagination shouldn't be needed since there shouldn't be multiple entries in the organization that have the same SAML `NameID` or SCIM `userName`. However, for more information on pagination. There is also an example of pagination in simple-pagination-example.graphql. query OrganizationIdentitiesBySAMLNameID { organization(login: ) { From d4a7f81fddecff9c1b74591f1a3e1504733c32c2 Mon Sep 17 00:00:00 2001 From: Stacy Carter Date: Fri, 28 Feb 2025 18:17:06 -0500 Subject: [PATCH 19/31] Update GraphQL query for SAML identities --- ...saml-identities-filtered-by-nameid.graphql | 42 +++++++------------ 1 file changed, 15 insertions(+), 27 deletions(-) diff --git a/graphql/queries/enterprise-saml-identities-filtered-by-nameid.graphql b/graphql/queries/enterprise-saml-identities-filtered-by-nameid.graphql index aadc07be1..b5cbe92e5 100644 --- a/graphql/queries/enterprise-saml-identities-filtered-by-nameid.graphql +++ b/graphql/queries/enterprise-saml-identities-filtered-by-nameid.graphql 
@@ -1,45 +1,33 @@ -# You will need to replace and with the actual GitHub enterprise slug and the SAML `NameID` value that you're searching stored external identities for in the GitHub enterprise. +# You will need to replace and with the actual GitHub enterprise slug and the SAML `NameID` value that you're searching stored external identities for in the GitHub enterprise. # For GitHub Enterprise Cloud enterprises that have SAML configured at the enterprise level, this will query the stored SAML `nameId` external identity values in the GitHub enterprise, and if one is found that matches the value specified for ``, it will print out the SAML `nameId` and GitHub username for that stored external identity. +# Note that the query below will not tell you if the GitHub username/account associated with this linked identity is still a member of the enterprise. Enterprise owners can navigate to the Enterprise > People > Members UI and search for the user to determine this, or perform a different GraphQL query using the https://docs.github.com/en/enterprise-cloud@latest/graphql/reference/objects#enterprise object with the members(query:"") filter. + # This query will not print out a user username (`login`) value if there is not a GitHub user account linked to this SAML identity. # Pagination shouldn't be needed since there shouldn't be multiple entries in the enterprise that have the same SAML `NameID` or SCIM `userName`. However, for more information on pagination. There is also an example of pagination in simple-pagination-example.graphql. 
query EnterpriseIdentitiesBySAMLNameID { - enterprise(slug:"") { - name - members(query:"", first:25) { - totalCount - pageInfo { - hasNextPage - startCursor - endCursor - } - nodes{ - ...on EnterpriseUserAccount { - id - login - createdAt - } - } - } + enterprise(slug: "") { ownerInfo { samlIdentityProvider { externalIdentities(userName:"", first: 25) { totalCount + edges { + node { + guid + samlIdentity { + nameId + } + user { + login + } + } + } pageInfo { hasNextPage - startCursor endCursor } - nodes{ - samlIdentity { - nameId - } - user { - login - } - } } } } From f971463641bcc64534ece78f1db190ec8ada1022 Mon Sep 17 00:00:00 2001 From: Stacy Carter Date: Fri, 28 Feb 2025 18:26:00 -0500 Subject: [PATCH 20/31] Add note about GitHub username membership status --- .../org-saml-identities-filtered-by-nameid-username.graphql | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/graphql/queries/org-saml-identities-filtered-by-nameid-username.graphql b/graphql/queries/org-saml-identities-filtered-by-nameid-username.graphql index 6d28b82b9..61749ebd8 100644 --- a/graphql/queries/org-saml-identities-filtered-by-nameid-username.graphql +++ b/graphql/queries/org-saml-identities-filtered-by-nameid-username.graphql 
@@ -1,11 +1,13 @@ # You will need to replace and with the actual GitHub organization name and the SAML `NameID` value that you're searching stored external identities for in the GitHub organization. # For GitHub Enterprise Cloud organizations that have SAML configured at the organization level, this will query the stored SAML `nameId` and SCIM `userName` external identity values in the GitHub organization, and if one is found that matches the value specified for ``, it will print out the SAML `nameId` and GitHub username for that stored external identity. +# Note that the query below will not tell you if the GitHub username/account associated with this linked identity is still a member of the organization. Organization owners can navigate to the Organization > People > Members UI and search for the user to determine this. + # This query will not print out a user username (`login`) value if there is not a GitHub user account linked to this SAML identity. # Pagination shouldn't be needed since there shouldn't be multiple entries in the organization that have the same SAML `NameID` or SCIM `userName`. However, for more information on pagination. There is also an example of pagination in simple-pagination-example.graphql. query OrganizationIdentitiesBySAMLNameID { - organization(login: ) { + organization(login: "") { samlIdentityProvider { externalIdentities(userName:"", first: 25) { edges { From 95663e215b64cd5a7a2712ca8df815ed07945349 Mon Sep 17 00:00:00 2001 From: David Losert Date: Mon, 28 Apr 2025 07:47:44 +0200 Subject: [PATCH 21/31] Updates hooks section to mention rulesets --- pre-receive-hooks/README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pre-receive-hooks/README.md b/pre-receive-hooks/README.md index 21dd07d82..0839b3d6a 100644 --- a/pre-receive-hooks/README.md +++ b/pre-receive-hooks/README.md 
@@ -1,5 +1,8 @@ ## Pre-receive hooks +> [!IMPORTANT] +> Many of the hooks mentioned in this article can now be natively implemented through GitHub Enterprise's [Rulesets](https://docs.github.com/en/enterprise-server@3.16/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/about-rulesets) and [Secret Protection](https://docs.github.com/en/enterprise-server@3.16/code-security/secret-scanning/introduction/about-secret-scanning) (requires GitHub Advanced Security) features. With it, you have the same effect as hooks, but in a more controlled, auditable and performant fashion, so we highly recommend looking at these before you implement pre-receive hooks. + ### tl;dr This directory contains examples for [pre-receive hooks ](https://help.github.com/enterprise/user/articles/working-with-pre-receive-hooks/) which are a [GitHub Enterprise feature](https://developer.github.com/v3/enterprise/pre_receive_hooks/) to block unwanted commits before they even reach your repository. From d2d09de9e2e951b866ace4782751b9e65cbfe01f Mon Sep 17 00:00:00 2001 From: Gennaro Palma <89228935+gennaropalma@users.noreply.github.com> Date: Thu, 17 Jul 2025 14:09:53 +0930 Subject: [PATCH 22/31] Update links in README for pre-receive hooks documentation... ...to reflect the latest GitHub documentation URLs and best practices. --- pre-receive-hooks/README.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/pre-receive-hooks/README.md b/pre-receive-hooks/README.md index 0839b3d6a..2034dc72b 100644 --- a/pre-receive-hooks/README.md +++ b/pre-receive-hooks/README.md 
@@ -5,7 +5,7 @@ ### tl;dr -This directory contains examples for [pre-receive hooks ](https://help.github.com/enterprise/user/articles/working-with-pre-receive-hooks/) which are a [GitHub Enterprise feature](https://developer.github.com/v3/enterprise/pre_receive_hooks/) to block unwanted commits before they even reach your repository. +This directory contains examples for [pre-receive hooks ](https://docs.github.com/en/enterprise-server/pull-requests/collaborating-with-pull-requests/collaborating-on-repositories-with-code-quality-features/working-with-pre-receive-hooks) which are a [GitHub Enterprise feature](https://developer.github.com/v3/enterprise/pre_receive_hooks/) to block unwanted commits before they even reach your repository. If you have a great example for a pre-receive hook you used with GitHub Enterprise that is not yet part of this directory, create a pull request and we will happily review it. 
@@ -13,9 +13,9 @@ While blocking commits at push time using pre-receive-hooks seems like an awesom ### Pre-receive hooks - The longer story -As of GitHub Enterprise 2.6 we [support pre-receive hooks](https://help.github.com/enterprise/user/articles/working-with-pre-receive-hooks/). [Pre-receive hooks](https://help.github.com/enterprise/user/articles/working-with-pre-receive-hooks/) run tests on code pushed to a repository to ensure contributions meet repository or organization policy. If the commits pass the tests, the push will be accepted into the repository. If the commits do not pass the tests, the push will not be accepted. +As of GitHub Enterprise 2.6 we [support pre-receive hooks](https://docs.github.com/en/enterprise-server/pull-requests/collaborating-with-pull-requests/collaborating-on-repositories-with-code-quality-features/working-with-pre-receive-hooks) run tests on code pushed to a repository to ensure contributions meet repository or organization policy. If the commits pass the tests, the push will be accepted into the repository. If the commits do not pass the tests, the push will not be accepted. -Your GitHub Enterprise site administrator can [create and remove pre-receive hooks](https://help.github.com/enterprise/admin/guides/developer-workflow/managing-pre-receive-hooks-on-the-github-enterprise-appliance/) for your organization or repository, and may allow organization or repository administrators to enable or disable pre-receive hooks. GitHub Enterprise allows you to [develop and test](https://help.github.com/enterprise/admin/guides/developer-workflow/creating-a-pre-receive-hook-script/) all scripts locally in a [pre-receive hook environment](https://help.github.com/enterprise/2.6/admin/guides/developer-workflow/creating-a-pre-receive-hook-environment/). 
+Your GitHub Enterprise site administrator can [create and remove pre-receive hooks](https://docs.github.com/en/enterprise-server/admin/enforcing-policies/enforcing-policy-with-pre-receive-hooks/managing-pre-receive-hooks-on-your-instance) for your organization or repository, and may allow organization or repository administrators to enable or disable pre-receive hooks. GitHub Enterprise allows you to [develop and test](https://docs.github.com/en/enterprise-server/admin/enforcing-policies/enforcing-policy-with-pre-receive-hooks/creating-a-pre-receive-hook-script) all scripts locally in a [pre-receive hook environment](https://docs.github.com/en/enterprise-server/admin/enforcing-policies/enforcing-policy-with-pre-receive-hooks/creating-a-pre-receive-hook-environment). Examples of pre-receive hooks: * Require commit messages to follow a specific pattern or format, such as including a valid ticket number or being over a certain length. 
@@ -28,13 +28,13 @@ You can find examples on how to write pre-receive hooks on the [Pro Git website] ### Think twice before you deploy a pre-receive hook -GitHub recommends a cautious and thoughtful approach when applying mechanisms like pre-receive hooks that can block Git push operations. Blocking pushes right away typically prevents contribution and visibility into proposed changes. We think it's best that individuals collaborate with each other to identify and fix any problems after changes have been proposed. Even some of our largest customers have found that a subtle shift to [non-blocking web-hooks](https://help.github.com/enterprise/admin/guides/developer-workflow/using-webhooks-for-continuous-integration/) allowed more individuals to contribute and provided more opportunities for learning and collaboration. Combined with asynchronous collaboration workflows like [GitHubFlow](https://guides.github.com/introduction/flow/), non-blocking web-hooks typically resulted in higher-quality output. +GitHub recommends a cautious and thoughtful approach when applying mechanisms like pre-receive hooks that can block Git push operations. Blocking pushes right away typically prevents contribution and visibility into proposed changes. We think it's best that individuals collaborate with each other to identify and fix any problems after changes have been proposed. Even some of our largest customers have found that a subtle shift to [non-blocking web-hooks](https://docs.github.com/en/enterprise-server/webhooks/about-webhooks) allowed more individuals to contribute and provided more opportunities for learning and collaboration. Combined with asynchronous collaboration workflows like [GitHubFlow](https://guides.github.com/introduction/flow/), non-blocking web-hooks typically resulted in higher-quality output. That said, we understand there may be compliance or other organizational reasons to incorporate pre-receive hooks into a development workflow, e.g. 
ensuring that sensitive information is not included as part of pushed commits. ### Performance, stability and workflow implications of pre-receive hooks -Pre-receive hooks can have unintended effects on the performance of the GitHub Enterprise appliance and should be carefully [implemented and reviewed](https://help.github.com/enterprise/admin/guides/developer-workflow/creating-a-pre-receive-hook-script/). A misconfigured pre-receive hook may block all developers from contributing/pushing to a repository or consume all system resources on the appliance. +Pre-receive hooks can have unintended effects on the performance of the GitHub Enterprise appliance and should be carefully [implemented and reviewed](https://docs.github.com/en/enterprise-server/admin/enforcing-policies/enforcing-policy-with-pre-receive-hooks/creating-a-pre-receive-hook-environment). A misconfigured pre-receive hook may block all developers from contributing/pushing to a repository or consume all system resources on the appliance. Running scripts will be automatically terminated after 5 seconds (blocking the push). Consequently, pre-receive hooks should not rely on the results of external systems that may not be always available or on any other potentially blocking resource. As any negative exit code of a pre-receive hook will reject the associated push attempt, your scripts should handle unforeseen standard input and environment variable values in a robust way. From edfa3da5cd65d6019f8388c453dfb3497c0dd56b Mon Sep 17 00:00:00 2001 From: Gennaro Palma <89228935+gennaropalma@users.noreply.github.com> Date: Sat, 19 Jul 2025 15:39:15 +0930 Subject: [PATCH 23/31] Update pre-receive-hooks/README.md Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- pre-receive-hooks/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pre-receive-hooks/README.md b/pre-receive-hooks/README.md index 2034dc72b..8ea7a3491 100644 --- a/pre-receive-hooks/README.md 
+++ b/pre-receive-hooks/README.md @@ -13,7 +13,7 @@ While blocking commits at push time using pre-receive-hooks seems like an awesom ### Pre-receive hooks - The longer story -As of GitHub Enterprise 2.6 we [support pre-receive hooks](https://docs.github.com/en/enterprise-server/pull-requests/collaborating-with-pull-requests/collaborating-on-repositories-with-code-quality-features/working-with-pre-receive-hooks) run tests on code pushed to a repository to ensure contributions meet repository or organization policy. If the commits pass the tests, the push will be accepted into the repository. If the commits do not pass the tests, the push will not be accepted. +As of GitHub Enterprise 2.6 we [support pre-receive hooks](https://docs.github.com/en/enterprise-server/pull-requests/collaborating-with-pull-requests/collaborating-on-repositories-with-code-quality-features/working-with-pre-receive-hooks). Pre-receive hooks run tests on code pushed to a repository to ensure contributions meet repository or organization policy. If the commits pass the tests, the push will be accepted into the repository. If the commits do not pass the tests, the push will not be accepted. Your GitHub Enterprise site administrator can [create and remove pre-receive hooks](https://docs.github.com/en/enterprise-server/admin/enforcing-policies/enforcing-policy-with-pre-receive-hooks/managing-pre-receive-hooks-on-your-instance) for your organization or repository, and may allow organization or repository administrators to enable or disable pre-receive hooks. GitHub Enterprise allows you to [develop and test](https://docs.github.com/en/enterprise-server/admin/enforcing-policies/enforcing-policy-with-pre-receive-hooks/creating-a-pre-receive-hook-script) all scripts locally in a [pre-receive hook environment](https://docs.github.com/en/enterprise-server/admin/enforcing-policies/enforcing-policy-with-pre-receive-hooks/creating-a-pre-receive-hook-environment). 
From d1107e4e91d6f0f837e86f79cb6a84d4d9b5e025 Mon Sep 17 00:00:00 2001 From: Gennaro Palma <89228935+gennaropalma@users.noreply.github.com> Date: Sat, 19 Jul 2025 15:39:33 +0930 Subject: [PATCH 24/31] Update pre-receive-hooks/README.md Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- pre-receive-hooks/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pre-receive-hooks/README.md b/pre-receive-hooks/README.md index 8ea7a3491..52fa1586d 100644 --- a/pre-receive-hooks/README.md +++ b/pre-receive-hooks/README.md 
@@ -34,7 +34,7 @@ That said, we understand there may be compliance or other organizational reasons ### Performance, stability and workflow implications of pre-receive hooks -Pre-receive hooks can have unintended effects on the performance of the GitHub Enterprise appliance and should be carefully [implemented and reviewed](https://docs.github.com/en/enterprise-server/admin/enforcing-policies/enforcing-policy-with-pre-receive-hooks/creating-a-pre-receive-hook-environment). A misconfigured pre-receive hook may block all developers from contributing/pushing to a repository or consume all system resources on the appliance. +Pre-receive hooks can have unintended effects on the performance of the GitHub Enterprise appliance and should be carefully [created in a pre-receive hook environment](https://docs.github.com/en/enterprise-server/admin/enforcing-policies/enforcing-policy-with-pre-receive-hooks/creating-a-pre-receive-hook-environment). A misconfigured pre-receive hook may block all developers from contributing/pushing to a repository or consume all system resources on the appliance. Running scripts will be automatically terminated after 5 seconds (blocking the push). Consequently, pre-receive hooks should not rely on the results of external systems that may not be always available or on any other potentially blocking resource. As any negative exit code of a pre-receive hook will reject the associated push attempt, your scripts should handle unforeseen standard input and environment variable values in a robust way. From f333626d6081f7d3a8fbd5060d7a13202c0afc1f Mon Sep 17 00:00:00 2001 From: Gennaro Palma <89228935+gennaropalma@users.noreply.github.com> Date: Mon, 18 Aug 2025 15:05:16 +0930 Subject: [PATCH 25/31] Update pre-receive-hooks/README.md Co-authored-by: Justin Alex <1155821+jusuchin85@users.noreply.github.com> --- pre-receive-hooks/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/pre-receive-hooks/README.md b/pre-receive-hooks/README.md index 52fa1586d..f7271e15a 100644 --- a/pre-receive-hooks/README.md +++ b/pre-receive-hooks/README.md @@ -5,7 +5,7 @@ ### tl;dr -This directory contains examples for [pre-receive hooks ](https://docs.github.com/en/enterprise-server/pull-requests/collaborating-with-pull-requests/collaborating-on-repositories-with-code-quality-features/working-with-pre-receive-hooks) which are a [GitHub Enterprise feature](https://developer.github.com/v3/enterprise/pre_receive_hooks/) to block unwanted commits before they even reach your repository. +This directory contains examples for [pre-receive hooks ](https://docs.github.com/enterprise-server/pull-requests/collaborating-with-pull-requests/collaborating-on-repositories-with-code-quality-features/working-with-pre-receive-hooks) which are a [GitHub Enterprise feature](https://developer.github.com/v3/enterprise/pre_receive_hooks/) to block unwanted commits before they even reach your repository. If you have a great example for a pre-receive hook you used with GitHub Enterprise that is not yet part of this directory, create a pull request and we will happily review it. From 0cc60d16e6ae25b41ff9a1ab6644187b374a920e Mon Sep 17 00:00:00 2001 From: Gennaro Palma <89228935+gennaropalma@users.noreply.github.com> Date: Mon, 18 Aug 2025 15:05:27 +0930 Subject: [PATCH 26/31] Update pre-receive-hooks/README.md Co-authored-by: Justin Alex <1155821+jusuchin85@users.noreply.github.com> --- pre-receive-hooks/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pre-receive-hooks/README.md b/pre-receive-hooks/README.md index f7271e15a..3bcdf1d40 100644 --- a/pre-receive-hooks/README.md +++ b/pre-receive-hooks/README.md 
@@ -15,7 +15,7 @@ While blocking commits at push time using pre-receive-hooks seems like an awesom As of GitHub Enterprise 2.6 we [support pre-receive hooks](https://docs.github.com/en/enterprise-server/pull-requests/collaborating-with-pull-requests/collaborating-on-repositories-with-code-quality-features/working-with-pre-receive-hooks). Pre-receive hooks run tests on code pushed to a repository to ensure contributions meet repository or organization policy. If the commits pass the tests, the push will be accepted into the repository. If the commits do not pass the tests, the push will not be accepted. -Your GitHub Enterprise site administrator can [create and remove pre-receive hooks](https://docs.github.com/en/enterprise-server/admin/enforcing-policies/enforcing-policy-with-pre-receive-hooks/managing-pre-receive-hooks-on-your-instance) for your organization or repository, and may allow organization or repository administrators to enable or disable pre-receive hooks. GitHub Enterprise allows you to [develop and test](https://docs.github.com/en/enterprise-server/admin/enforcing-policies/enforcing-policy-with-pre-receive-hooks/creating-a-pre-receive-hook-script) all scripts locally in a [pre-receive hook environment](https://docs.github.com/en/enterprise-server/admin/enforcing-policies/enforcing-policy-with-pre-receive-hooks/creating-a-pre-receive-hook-environment). +Your GitHub Enterprise site administrator can [create and remove pre-receive hooks](https://docs.github.com/enterprise-server/admin/enforcing-policies/enforcing-policy-with-pre-receive-hooks/managing-pre-receive-hooks-on-your-instance) for your organization or repository, and may allow organization or repository administrators to enable or disable pre-receive hooks. 
GitHub Enterprise allows you to [develop and test](https://docs.github.com/enterprise-server/admin/enforcing-policies/enforcing-policy-with-pre-receive-hooks/creating-a-pre-receive-hook-script) all scripts locally in a [pre-receive hook environment](https://docs.github.com/enterprise-server/admin/enforcing-policies/enforcing-policy-with-pre-receive-hooks/creating-a-pre-receive-hook-environment). Examples of pre-receive hooks: * Require commit messages to follow a specific pattern or format, such as including a valid ticket number or being over a certain length. From 5354bfec3a74f1ee088fa7579f38c6678b4cc392 Mon Sep 17 00:00:00 2001 From: Gennaro Palma <89228935+gennaropalma@users.noreply.github.com> Date: Mon, 18 Aug 2025 15:05:46 +0930 Subject: [PATCH 27/31] Update pre-receive-hooks/README.md Co-authored-by: Justin Alex <1155821+jusuchin85@users.noreply.github.com> --- pre-receive-hooks/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pre-receive-hooks/README.md b/pre-receive-hooks/README.md index 3bcdf1d40..b921c0e04 100644 --- a/pre-receive-hooks/README.md +++ b/pre-receive-hooks/README.md 
@@ -13,7 +13,7 @@ While blocking commits at push time using pre-receive-hooks seems like an awesom ### Pre-receive hooks - The longer story -As of GitHub Enterprise 2.6 we [support pre-receive hooks](https://docs.github.com/en/enterprise-server/pull-requests/collaborating-with-pull-requests/collaborating-on-repositories-with-code-quality-features/working-with-pre-receive-hooks). Pre-receive hooks run tests on code pushed to a repository to ensure contributions meet repository or organization policy. If the commits pass the tests, the push will be accepted into the repository. If the commits do not pass the tests, the push will not be accepted. +As of GitHub Enterprise 2.6 we [support pre-receive hooks](https://docs.github.com/enterprise-server/pull-requests/collaborating-with-pull-requests/collaborating-on-repositories-with-code-quality-features/working-with-pre-receive-hooks). Pre-receive hooks run tests on code pushed to a repository to ensure contributions meet repository or organization policy. If the commits pass the tests, the push will be accepted into the repository. If the commits do not pass the tests, the push will not be accepted. Your GitHub Enterprise site administrator can [create and remove pre-receive hooks](https://docs.github.com/enterprise-server/admin/enforcing-policies/enforcing-policy-with-pre-receive-hooks/managing-pre-receive-hooks-on-your-instance) for your organization or repository, and may allow organization or repository administrators to enable or disable pre-receive hooks. GitHub Enterprise allows you to [develop and test](https://docs.github.com/enterprise-server/admin/enforcing-policies/enforcing-policy-with-pre-receive-hooks/creating-a-pre-receive-hook-script) all scripts locally in a [pre-receive hook environment](https://docs.github.com/enterprise-server/admin/enforcing-policies/enforcing-policy-with-pre-receive-hooks/creating-a-pre-receive-hook-environment). From 6407d61a27438c62bb21fab47b59cbf5084725f9 Mon Sep 17 00:00:00 2001 
From: Gennaro Palma <89228935+gennaropalma@users.noreply.github.com> Date: Mon, 18 Aug 2025 15:05:57 +0930 Subject: [PATCH 28/31] Update pre-receive-hooks/README.md Co-authored-by: Justin Alex <1155821+jusuchin85@users.noreply.github.com> --- pre-receive-hooks/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pre-receive-hooks/README.md b/pre-receive-hooks/README.md index b921c0e04..5b79d33b7 100644 --- a/pre-receive-hooks/README.md +++ b/pre-receive-hooks/README.md 
@@ -28,7 +28,7 @@ You can find examples on how to write pre-receive hooks on the [Pro Git website] ### Think twice before you deploy a pre-receive hook -GitHub recommends a cautious and thoughtful approach when applying mechanisms like pre-receive hooks that can block Git push operations. Blocking pushes right away typically prevents contribution and visibility into proposed changes. We think it's best that individuals collaborate with each other to identify and fix any problems after changes have been proposed. Even some of our largest customers have found that a subtle shift to [non-blocking web-hooks](https://docs.github.com/en/enterprise-server/webhooks/about-webhooks) allowed more individuals to contribute and provided more opportunities for learning and collaboration. Combined with asynchronous collaboration workflows like [GitHubFlow](https://guides.github.com/introduction/flow/), non-blocking web-hooks typically resulted in higher-quality output. +GitHub recommends a cautious and thoughtful approach when applying mechanisms like pre-receive hooks that can block Git push operations. Blocking pushes right away typically prevents contribution and visibility into proposed changes. We think it's best that individuals collaborate with each other to identify and fix any problems after changes have been proposed. Even some of our largest customers have found that a subtle shift to [non-blocking web-hooks](https://docs.github.com/enterprise-server/webhooks/about-webhooks) allowed more individuals to contribute and provided more opportunities for learning and collaboration. Combined with asynchronous collaboration workflows like [GitHubFlow](https://guides.github.com/introduction/flow/), non-blocking web-hooks typically resulted in higher-quality output. That said, we understand there may be compliance or other organizational reasons to incorporate pre-receive hooks into a development workflow, e.g. 
ensuring that sensitive information is not included as part of pushed commits. From 94179ddc75e57311e09853c93197cb4acbdb8d63 Mon Sep 17 00:00:00 2001 From: Gennaro Palma <89228935+gennaropalma@users.noreply.github.com> Date: Mon, 18 Aug 2025 15:06:12 +0930 Subject: [PATCH 29/31] Update pre-receive-hooks/README.md Co-authored-by: Justin Alex <1155821+jusuchin85@users.noreply.github.com> --- pre-receive-hooks/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pre-receive-hooks/README.md b/pre-receive-hooks/README.md index 5b79d33b7..f09dd2c31 100644 --- a/pre-receive-hooks/README.md +++ b/pre-receive-hooks/README.md 
@@ -34,7 +34,7 @@ That said, we understand there may be compliance or other organizational reasons ### Performance, stability and workflow implications of pre-receive hooks -Pre-receive hooks can have unintended effects on the performance of the GitHub Enterprise appliance and should be carefully [created in a pre-receive hook environment](https://docs.github.com/en/enterprise-server/admin/enforcing-policies/enforcing-policy-with-pre-receive-hooks/creating-a-pre-receive-hook-environment). A misconfigured pre-receive hook may block all developers from contributing/pushing to a repository or consume all system resources on the appliance. +Pre-receive hooks can have unintended effects on the performance of the GitHub Enterprise appliance and should be carefully [created in a pre-receive hook environment](https://docs.github.com/enterprise-server/admin/enforcing-policies/enforcing-policy-with-pre-receive-hooks/creating-a-pre-receive-hook-environment). A misconfigured pre-receive hook may block all developers from contributing/pushing to a repository or consume all system resources on the appliance. Running scripts will be automatically terminated after 5 seconds (blocking the push). Consequently, pre-receive hooks should not rely on the results of external systems that may not be always available or on any other potentially blocking resource. As any negative exit code of a pre-receive hook will reject the associated push attempt, your scripts should handle unforeseen standard input and environment variable values in a robust way. From 17d2a3ac382a1aff3d33079db7df4d243c380488 Mon Sep 17 00:00:00 2001 
From: Justin Alex <1155821+jusuchin85@users.noreply.github.com> Date: Fri, 22 Aug 2025 16:33:03 +1000 Subject: [PATCH 30/31] Add new GraphQL queries to list organization memberships for a user and list SCIM accounts for an EMU (#791) * Add query to list organization memberships for a user * Add GraphQL query to list SCIM accounts for an EMU Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- .../queries/emu-list-scim-accounts.graphql | 32 +++++++++++++++++++ graphql/queries/user-org-membership.graphql | 15 +++++++++ 2 files changed, 47 insertions(+) create mode 100644 graphql/queries/emu-list-scim-accounts.graphql create mode 100644 graphql/queries/user-org-membership.graphql diff --git a/graphql/queries/emu-list-scim-accounts.graphql b/graphql/queries/emu-list-scim-accounts.graphql new file mode 100644 index 000000000..3ac1e9f2f --- /dev/null +++ b/graphql/queries/emu-list-scim-accounts.graphql 
@@ -0,0 +1,32 @@
+# This GraphQL query can be used to generate a list of enterprise members and their SCIM account details in a GitHub Enterprise Cloud with Managed Users (EMU) enterprise account.
+#
+# Please ensure that your Personal Access Token (PAT) has the "read:enterprise" scope to access enterprise-level data.
+# Replace `ENTEPRISE_SLUG` with the slug of your enterprise. To get more than 10 members, you can adjust the "first" parameter.
+#
+# Note: the output will include suspended users (identified with their obfuscated account name), but it will not include personal user accounts that are not part of the EMU (Enterprise Managed Users) system.
+
+query ListAllEnterpriseUsers {
+# Replace `ENTERPRISE_SLUG` with the slug of your enterprise. To get more than 10 members, you can adjust the "first" parameter.
+#
+# Note: the output will include suspended users (identified with their obfuscated account name), but it will not include personal user accounts that are not part of the EMU (Enterprise Managed Users) system.
+
+query ListAllEnterpriseUsers {
+ enterprise(slug: "ENTERPRISE_SLUG") {
+ ownerInfo {
+ samlIdentityProvider {
+ externalIdentities(first: 10) {
+ nodes {
+ user {
+ login
+ name
+ }
+ scimIdentity {
+ username
+ groups
+ }
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/graphql/queries/user-org-membership.graphql b/graphql/queries/user-org-membership.graphql
new file mode 100644
index 000000000..2f6486510
--- /dev/null
+++ b/graphql/queries/user-org-membership.graphql
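Review bot: In `graphql/queries/emu-list-scim-accounts.graphql` the line `query ListAllEnterpriseUsers {` is added twice, once after the first comment block and again after a repeated copy of the `Replace`/`Note` comments, while the closing braces at the end match only one of them. That leaves nine opening braces against eight closing ones, so the document will not parse as written. Delete the first `query ListAllEnterpriseUsers {` and the comment line that spells the placeholder `ENTEPRISE_SLUG`, keeping the corrected `ENTERPRISE_SLUG` copy. Separately, `externalIdentities(first: 10)` selects no `pageInfo { hasNextPage endCursor }`, so anyone using this for an identity audit cannot tell when the SCIM listing has been cut off at the page size.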
@@ -0,0 +1,15 @@ +# This GraphQL query can be used to generate a list of organizations a user belongs to on GitHub.com +# replace GITHUB_LOGIN with the username that you would like to view +# +# Note: the organizations listed are only ones that the calling user is a member of. If the calling member is not part of any organizations that the searched user belong to, it will not be shown here. + +query GetUserOrganizations { + user(login: "GITHUB_LOGIN") { + organizations(first: 100) { + nodes { + organization_name: name + organization_slug: login + } + } + } +} From 946ae7bb34c1525c842e6cbf01548415008f55e2 Mon Sep 17 00:00:00 2001 From: Pandatabe223 <91859306+Pandatabe223@users.noreply.github.com> Date: Mon, 26 Jan 2026 08:47:25 +0200 Subject: [PATCH 31/31] Update devcontainer.json --- .devcontainer/devcontainer.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index ad93c14a0..f9e6292da 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -1,4 +1,4 @@ -{ +#/ AUTHOR: @IAmHughes{ "image": "mcr.microsoft.com/devcontainers/universal:2", "features": { }
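Review bot: In `graphql/queries/user-org-membership.graphql`, `organizations(first: 100)` fetches a single page and selects neither `totalCount` nor `pageInfo`, so a user who belongs to more organizations than one page holds comes back with a silently shortened list. Add `totalCount` and `pageInfo { hasNextPage endCursor }` next to `nodes`, and say in the header comment that further pages are requested with the `after:` cursor. The header note already warns that visibility depends on the calling user; stating the page limit alongside it would keep the output from being read as a complete membership list.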
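Review bot: The new first line of `.devcontainer/devcontainer.json`, `#/ AUTHOR: @IAmHughes{`, is not a comment in JSON or in the JSONC dialect dev-container tooling reads, so the file no longer begins with an object and will most likely fail to parse. If an attribution is wanted, put it on its own line as `// AUTHOR: @IAmHughes` and leave `{` on the following line; otherwise drop the change. The commit message ("Update devcontainer.json") gives no reason for the edit, and since this file selects the image that contributor environments are built from, the change should carry a stated rationale before it is merged.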